[arch-general] SeaMonkey outdated. Critical security holes in the current version!
Hello Archlinux team,

the SeaMonkey package is outdated. Many critical issues have been fixed in the current version:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html

So in my opinion a fixed package is required as soon as possible.

As SeaMonkey contains a browser component and there may be people who use this to surf the internet, in my opinion new versions should be packaged with the same priority as Firefox packages. The only alternative would be to drop the package at all.

Yours
Manuel Reimer
On Tue, Jan 15, 2013 at 5:00 PM, Manuel Reimer <Manuel.Spam@nurfuerspam.de> wrote:
> The only alternative would be to drop the package at all.

It has only been marked out-of-date for one week, so don't despair yet :-) Notice that the package was recently dropped from [extra] to [community].

Cheers,
Tom

[0]: <https://mailman.archlinux.org/pipermail/arch-dev-public/2012-November/024075.html>
Manuel Reimer wrote:
> Hello Archlinux team,
> the SeaMonkey package is outdated. Many critical issues have been fixed in the current version:
> http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
> So in my opinion a fixed package is required as soon as possible.
> As SeaMonkey contains a browser component and there may be people who use this to surf the internet, in my opinion new versions should be packaged with the same priority as Firefox packages. The only alternative would be to drop the package at all.

If you're concerned, you could do what I do - download the build information from the ABS and build it yourself. A bit of minor editing of the PKGBUILD is required, and the build takes a while (around an hour twenty minutes on my Core2Duo laptop), but that is it...

Paul.
Paul Marwick wrote:
> If you're concerned, you could do what I do - download the build information from the ABS and build it yourself. A bit of minor editing of the PKGBUILD is required, and the build takes a while (around an hour twenty minutes on my Core2Duo laptop), but that is it...

Sorry, but that's not how things should work. If a distribution offers a package, then it should also offer updates for it. Most users don't monitor all the packages a distribution offers for possible holes. They just trust their distributor to ship security updates on time.

As long as you have the SeaMonkey package in one of your primary repositories, you also signal to users that you plan to update this package. If you can't keep it updated, please drop it and, for example, tell your users to switch to Firefox and Thunderbird.

Bad reaction time on security holes was one of the top reasons why I ported from Slackware to Archlinux, and now it seems like Archlinux isn't much better there...

Yours
Manuel
Hrm... this got dropped to [community] so that there would be a better response time to updates. Obviously it has not happened, so it should be dropped. I'll wait 24 hours... Allan