firefox 1.0.5?
Henning Kilset Pedersen
henning at mopo.no
Fri Jul 15 08:27:47 UTC 2005
On Fri, 2005-07-15 at 13:29 +1000, James Livingston wrote:
> On Fri, 2005-07-15 at 00:43 +0100, Dick Davies wrote:
> > Also, is there a sensible reason not to just bump the firefox
> > packages up to the latest versions rather than backporting all
> > the time? It would make it so much easier to check if you were
> > up to date.
>
> Two main reasons: a) the new versions of Firefox contain new features,
> which themselves could contain new security holes and b) if this got
> done for Firefox, why not every other package in Ubuntu?
First of all, I completely agree with much of the stance that the
Mozilla developers need to allow extension downloads etc. for browsers
older than the latest release (currently 1.0.5).
But the fact of the matter remains - Ubuntu Hoary users are exposed to
several well-known security holes in the Firefox browser - a large and
important part of their desktop computing experience - as long as
firefox is not upgraded to the latest version.
There will be new security holes in new versions, you can take that for
granted. But at least those security holes are not well-known,
well-publicized problems. The current ones not fixed in 1.0.2, on the
other hand, are by now very well known.
I think security has to come first in this matter. Firefox is a very
central application, and should be included in security updates of the
base system. Otherwise, thousands of users are simply *forced* in my
opinion to break the integrity of their installation by going outside
the package management system and download firefox updates from the
Mozilla website. Is that a situation we want?
Regards,
Henning Pedersen
More information about the ubuntu-users
mailing list