Opened 14 years ago

Closed 14 years ago

#2467 closed task (fixed)


Reported by: ken@… Owned by: ken@…
Priority: normal Milestone: 6.3
Component: BOOK Version: SVN
Severity: normal Keywords:


As always, the update fixed a number of identified vulnerabilities. This is no longer exactly new, (book is still on, perhaps the book should mention that update to the firefox-2 series address security issues, and encourage builders to use the latest available version.

We encourage you to use the latest available version | If there is a newer version of firefox-2 than this one, use it ?

Or do we assume everyone is keeping up to speed on security ?

Change History (8)

comment:1 by ken@…, 14 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

I've noted the extreme reluctance on the list to recommend (future) versions that the editors haven't tried, so for now I'll drop that suggestion.

comment:2 by Ag. Hatzimanikas, 14 years ago

I always encourage people to upgrade to newer (even development) versions. But I am not really sure if this can be a fixed policy; we can still propagandize it of course through the mailing lists.

But in some specific packages like firefox, where security is really a concern, then perhaps a small note (for me) is acceptable. Especially if it is for a minor version update. My last build from the stable branch was and I think, I never had to change anything in the build instructions since the first build in 2.* series.

comment:3 by Ag. Hatzimanikas, 14 years ago

And that doesn't want to sound, like if security is not a concern in every package. Well it is, but in some we have to be really sensitive about that matter. And a browser it belongs to that category. And if we dare to look in the firefox/seamonkey/thunderbird changelogs, we'll find a lot of security holes that got fixed through the updates. So Ken certainly has a point.

comment:4 by ken@…, 14 years ago

Thanks for that, but my proposed suggestion was specifically aimed at the 6.3 book (some people are reluctant to use the development book). I think firefox-3 is supposed to be fully released soon, so I won't be surprised if the development book moves to that soon, and then the editors will ignore all 2.0 updates.

I've been using for a few days, it seems adequately stable on both architectures I've tried.

comment:5 by dnicholson@…, 14 years ago

I've been keeping up with the updates, but not getting them into the book. Mozilla is definitely very guarded on what types of changes get into the stable version. No build fixes/features/etc. Only security and bug fixes. So, I'd imagine you can bump the version and md5sum and call it a day. That's all I've had to do through the 2.0.0.x series.

comment:6 by ken@…, 14 years ago

Resolution: fixed
Status: assignedclosed

fixed in r7226

comment:7 by Randy McMurchy, 14 years ago

Resolution: fixed
Status: closedreopened
Summary: firefox-

The .mozconfig file for download was not updated during the Firefox update. Reopening this ticket to ensure it gets done. If it isn't done already, I'll update the file when I update the Thunderbird one.

comment:8 by Randy McMurchy, 14 years ago

Resolution: fixed
Status: reopenedclosed

Created the current version .mozconfig file.

Note: See TracTickets for help on using tickets.