New Ubuntu-Firefox - maybe safer but not 100%

James Wilkinson ubuntu at westexe.demon.co.uk
Fri May 13 16:23:44 UTC 2005


Tommy Trussell wrote:
> I think in the case of a security bug it's VERY important for the
> browser to correctly report whether it's been patched. Since Ubuntu
> does not "own" the code it doesn't really matter what Ubuntu calls the
> package, but if the Ubuntu package includes everything in 1.0.4 (or
> some future 1.0.6 or whatever) then the browser needs to tell the
> world that it's OK.
> 
> Since as a later poster to the list (Arjan Geven) pointed out, the
> Mozilla web site checks the user agent string, then (in my opinion)
> the updated Ubuntu package should update the string to conform with
> what Mozilla expects. I know this might violate a Ubuntu policy, but
> one advantage of having rules is being able to modify them when logic
> dictates it.

If a package had a "security and serious patch only" branch (and I do
wonder why more don't, considering the number of distributions that like
such things), this might be a Good Idea.

But I don't believe Ubuntu *does* include everything in Firefox 1.0.4,
and in general prefers to port fixes back to the previous version.

So it's not Firefox 1.0.4 As The Rest Of The World Knows It.

James.

-- 
E-mail address: james | Dell decided to deck its workstation Itanics late last
@westexe.demon.co.uk  | year citing the compelling reason that it hadn't sold
                      | any.
                      |     -- Mike Magee, The Inquirer, 9 January 2002.




More information about the ubuntu-users mailing list