New Ubuntu-Firefox - maybe safer but not 100%

Tommy Trussell tommy.trussell at gmail.com
Fri May 13 15:10:43 UTC 2005


On 5/13/05, Arjan Geven - CURE <geven at cure.at> wrote:
> Since Ubuntu backports security-updates into their own version, the
> disease is actually fixed. Mozilla just doesn't recognize that because
> the version number is not updated. Manually changing the version number
> to trick the Mozilla website helps then.
> 
> Back to your metaphor: in the X-ray, there was not really lung cancer in
> the picture but just a spot on the camera lense (or whatever). You touch
> up the X-ray to avoid faulty diagnosis..

Thank you for the clarification -- I had ignored that part of the
equation for dramatic effect, but it is important.

I think in the case of a security bug it's VERY important for the
browser to correctly report whether it's been patched. Since Ubuntu
does not "own" the code it doesn't really matter what Ubuntu calls the
package, but if the Ubuntu package includes everything in 1.0.4 (or
some future 1.0.6 or whatever) then the browser needs to tell the
world that it's OK.

Since as a later poster to the list (Arjan Geven) pointed out, the
Mozilla web site checks the user agent string, then (in my opinion)
the updated Ubuntu package should update the string to conform with
what Mozilla expects. I know this might violate a Ubuntu policy, but
one advantage of having rules is being able to modify them when logic
dictates it.

Of course within the current structure, I hope someone has filed a bug
against the Firefox package spelling out the user-agent and mozilla
update situation -- I haven't checked yet.




More information about the ubuntu-users mailing list