firefox 1.0.5?
Vinicius Franco do Nascimento
vinicius.nascimento at gmail.com
Fri Jul 15 12:08:23 UTC 2005
How do I update Firefox 1.0.3 to 1.0.5 in Ubuntu?
On 7/15/05, Dick Davies <rasputnik at hellooperator.net> wrote:
> * James Livingston <jrl at ids.org.au> [0721 11:21]:
> > On Fri, 2005-07-15 at 10:55 +0100, Dick Davies wrote:
> > > But my question was why 1.0.5 isn't in yet. The holes in 1.0.4 are now public
> > > knowledge.
> > >
> > > I can live with a browser called 1.0.2, whether that baffles me or not,
> > > so long as my browser isn't full of holes.
>
> > It takes time to check to ensure that a) the backported patch actually
> > fixes the flaw b) doesn't open up any new security holes and c) doesn't
> > break functionality in any way.
>
> a) has already been tested by the people who release the software surely?
> and b) and c) are impossible with finite resources.
>
> This makes it sound like ubuntu audits all its code before installing, and I
> can't believe that. If a developer says 'version 0.8 of fooapp is released,
> it fixes these bugs in 0.7', do you not trust them? You're using their code
> after all.
>
> > > If more recent firefoxes cause incompatibility problems (I don't know of any
> > > examples of that, but I'll take your word for it) that should be resolved by
> > > pinning versions, not by letting users limp along with software that by its
> > > nature is exposed to all sorts of scripting attacks daily.
> >
> > Just imagine if they quickly created a 1.0.5 package and released it
> > ASAP; sure the security flaw is (probably) fixed, but there could be
> > side-effects. What happens if 1.0.5 breaks other applications that use
> > Gecko, such as Liferea, DevHelp, et cetera? (there are quite a few of
> > them)
>
> OK, let's not imagine. Are there any examples where this has happened?
>
> A fast update (which has already been tested by the firefox
> team, incidentally) *might* cause problems.
> A slower (tested) update *definitely* leaves the user vulnerable to known, serious
> security holes.
>
> As you say, there are a lot of apps that depend on firefox, so until it's bumped
> they are all vulnerable.
>
> > If Firefox was given special treatment, because it's a "core
> > application", what else should be considered the same? The entire set of
> > main Gnome (and KDE) applications? things like Epiphany (the Gnome web
> > browser, also Gecko based)? half the things in main? If we go down that
> > road, I know things *will* break, and there will be major problems.
>
> I'm not talking about special treatment, this is just the one I've noticed
> and been alarmed by.
>
> We aren't talking about nightly builds here, this is an official release.
> I think the fears of potential incompatibility are outweighed by the risks of
> keeping *known* bugs around.
>
> The list at:
>
> http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
>
> are already major problems.
>
> In my book, *potentially* not having liferea work exactly the same is just not
> that big a deal by comparison.
>
> --
> 'The heroes claimed that they did care about people getting shot,
> so they crashed their cars into them instead.'
> -- DNA, on 'Starsky and Hutch'
> Rasputin :: Jack of All Trades - Master of Nuns
--
================================
Vinícius Franco do Nascimento
vinicius.nascimento at gmail.com
http://vinicius.objectis.net/