Opened 16 years ago
Closed 16 years ago
#2467 closed task (fixed)
Firefox-2.0.0.12
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 6.3 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
As always, the update fixed a number of identified vulnerabilities. This is no longer exactly new, (book is still on 2.0.0.6), perhaps the book should mention that update to the firefox-2 series address security issues, and encourage builders to use the latest available version.
We encourage you to use the latest available version | If there is a newer version of firefox-2 than this one, use it ?
Or do we assume everyone is keeping up to speed on security ?
Change History (8)
comment:1 by , 16 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 16 years ago
I always encourage people to upgrade to newer (even development) versions. But I am not really sure if this can be a fixed policy; we can still propagandize it of course through the mailing lists.
But in some specific packages like firefox, where security is really a concern, then perhaps a small note (for me) is acceptable. Especially if it is for a minor version update. My last build from the stable branch was 2.0.0.11 and I think, I never had to change anything in the build instructions since the first build in 2.* series.
comment:3 by , 16 years ago
And that doesn't want to sound, like if security is not a concern in every package. Well it is, but in some we have to be really sensitive about that matter. And a browser it belongs to that category. And if we dare to look in the firefox/seamonkey/thunderbird changelogs, we'll find a lot of security holes that got fixed through the updates. So Ken certainly has a point.
comment:4 by , 16 years ago
Thanks for that, but my proposed suggestion was specifically aimed at the 6.3 book (some people are reluctant to use the development book). I think firefox-3 is supposed to be fully released soon, so I won't be surprised if the development book moves to that soon, and then the editors will ignore all 2.0 updates.
I've been using 2.0.0.12 for a few days, it seems adequately stable on both architectures I've tried.
comment:5 by , 16 years ago
I've been keeping up with the updates, but not getting them into the book. Mozilla is definitely very guarded on what types of changes get into the stable version. No build fixes/features/etc. Only security and bug fixes. So, I'd imagine you can bump the version and md5sum and call it a day. That's all I've had to do through the 2.0.0.x series.
comment:7 by , 16 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
| Summary: | firefox-2.0.0.12 → Firefox-2.0.0.12 |
The .mozconfig file for download was not updated during the Firefox update. Reopening this ticket to ensure it gets done. If it isn't done already, I'll update the file when I update the Thunderbird one.
comment:8 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Created the current version .mozconfig file.
I've noted the extreme reluctance on the list to recommend (future) versions that the editors haven't tried, so for now I'll drop that suggestion.