Ok, folks: Mozilla and Firefox support for Legacy -- what is your pleasure?

Sat Jun 10 00:35:37 UTC 2006

Hi folks,

Pardon my top-posting.  We may have some options here for the relatively-
newly-discovered Mozilla/Firefox/Thunderbird/Seamonkey vulnerabilities, and
I'd like to get a feel for what you all would like to do?

(I believe) Red Hat is backporting patches for the Mozilla-1.7.13 / Firefox-
1.0.8 packages that we just (belatedly) released yesterday...  (and perhaps
for Thunderbird too?)  But then after these patches, my under- standing then
is that that's the end-of-the-line for RHEL-supported Mozilla-1.7.13/
{Firefox,Thunderbird}-1.0.8 packages.  And there is no way that we have the
kind of expertise to extend support beyond what RHEL can do on these
products....

Shall we just migrate now to Seamonkey-1.0.2 and {Firefox,Thunderbird}-
1.5.0.4 (that fix all the published critical and non-critical vulner-
abilities) and be done with it?  Or wait and see what updated Mozilla/
Firefox/Thunderbird comes out of the efforts being lead by Christopher
Aillon of Red Hat (see below)?

Thanks for your input.

	Warm regards,

	David Eisenstein

>> On 6/9/2006 10:33 CDT, David Eisenstein wrote:
>> > I heard a rumor the other day that Red Hat Enterprise Linux may be planning
>> > to replace Mozilla with Seamonkey in their currently-maintained distros.  Am
>> > wondering if there is any truth to this rumor?  Also wondering if there is
>> > anything we in Fedora Legacy can do to help in this process of dealing with
>> > these critical Mozilla/Firefox/Seamonkey bugs?

> On 6/9/2006 12:08 CDT, Josh Bressers <bressers at redhat.com> wrote:
>> This is true.  We're going with seamonkey in RHEL.  I think this current
>> round of issues is proof as to why this has to happen.  Backporting to the
>> firefox 1.0 branch is nearly impossible given the drastic changes between
>> versions.
>>
>> Right now we're furiously working on backporting patches for the most
>> critical issues.  If you want to help mail Chris Aillon (caillon at redhat)
>> with your request.  He's currently heading up a small group of various
>> distributors trying to get all this work done.

On 6/9/2006 12:44 CDT, Stephen John Smoogen wrote:
> I would say that it is not worth the effort to do that much
> backporting. I am having to deal with sites that just want to block
> old Firefox browser strings anyway at their firewalls. So my day job
> is basically going to be get 1.5.0.4{5,6,7} onto RHL-7.3 -> RHEL-4
> anyway.
> 
> My {I am not much of a coder, but have to deal with the mess left over
> by them} possition would be that  getting a modularized javascript
> interpreter written, debugged, security minded than trying to back-fix
> things might be a better idea.