LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

January 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS January 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Current production Firefox and Thunderbird on X86-64 SL 6x
From:	Paul Robert Marino <[log in to unmask]>
Reply To:	Paul Robert Marino <[log in to unmask]>
Date:	Thu, 31 Jan 2013 13:49:07 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (48 lines)

Honestly if your information security people at your university think
the latest cutting edge version of Firefox is more secure than the
stable patched and thoroughly tested version included with SL than
they aren't really information security people!
In fact most real info sec people don't hate windows update and ban
people from downloading the newest version of a browser because the
latest version usually includes security holes that no ones discovered
yet.
At least with a know vulnerability you can monitor for it, patch it,
or ensure that the hole isn't exposed.


On Thu, Jan 31, 2013 at 11:53 AM, Konstantin Olchanski
<[log in to unmask]> wrote:
> On Thu, Jan 31, 2013 at 12:46:16AM -0800, Yasha Karant wrote:
>> My university network security unit requires that the latest
>> production releases of particular network applications be installed ...
>
> The situation with Firefox in SL is identical to the situation
> with IE in Windows and with Safari in MacOS.
>
> If your security officer is happy with you running the version
> of IE installed by Windows self updates, and the version of Safari
> installed by MacOS self updates, what is his objection to the version
> of Firefox installed by SL self updates?
>
> If your security officer does not know SL from Adam, or is worried
> that the SL version of Firefox is not up-to-date on security fixes
> compared to the Mozilla firefox, you can pointing him to the security
> section on the web site of the pay-ware version of SL.
>
> For example, here is the security advisory for the latest firefox update:
> https://rhn.redhat.com/errata/RHSA-2013-0144.html
>
> Here is the mailing list with all security advisories:
> https://www.redhat.com/archives/rhsa-announce/2013-January/date.html
>
> By looking at these advisories, your security officer can see for themselves
> if "pay-ware SL" and "free SL" are up to date on security fixes
> to the SL version of firefox in general and as compared to firefox
> from Mozilla.
>
> --
> Konstantin Olchanski
> Data Acquisition Systems: The Bytes Must Flow!
> Email: olchansk-at-triumf-dot-ca
> Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV