On 03/16/2012 05:47 AM, Yasha Karant wrote:
> On 03/15/2012 02:57 PM, g wrote:
>> On 03/15/2012 07:39 PM, Stephan Wiesand wrote:
>>> Dear developers,
>>>
>>> I hate being such a PITR, but have to ask: Is there an ETA for those
>>> updates? What's the problem? Yes it's 3.x -> 10.x, but it has been obvious
>>> for weeks that this would happen eventually. CentOS got those out 24h ago.
>>> What about SL? Any chance we'll see rebuilds at least in
>>> {5,6}rolling/testing tomorrow?
>> -=-
>>
>> before you go jumping into 'latest and greatest' from mozilla,
>> you should check out their mailing lists and/or news groups.
>>
>>
>> there is nothing 'great' about all the problems i am seeing
>> on their list.
>>
>>
>
> Does the above "nothing 'great'" mean that the content on:
>
> http://www.mozilla.org/security/known-vulnerabilities/firefox.html
>
> and similar URLs for other Mozilla applications, is not anything about
> which to be concerned? Have these security updates been backported by
> TUV into what are nominally earlier releases of the various Mozilla
> applications?
>
> If this is not the case, why are the security concerns not important?
>
> Yasha Karant
>
first off, you make no mention of which sl or mozilla releases you are using,
nor where you pulled them.
from your header, i see that you are using;
Mozilla/5.0 (X11; Linux i686; rv:10.0.2)
Gecko/20120216 Thunderbird/10.0.2
which you may have manually installed in "sl 5.x", or you are using
"sl 6.x", and it is a fnal.gov "fastbugs" rpm;
firefox-10.0.1-1.el6_2.i686.rpm 24-Feb-2012 14:53
firefox-10.0.1-1.el6_2.x86_64.rpm 24-Feb-2012 14:54
thunderbird-10.0.1-3.el6_2.i686.rpm 24-Feb-2012 14:53
thunderbird-10.0.1-3.el6_2.x86_64.rpm 24-Feb-2012 14:54
where as the security releases show;
firefox-3.6.26-1.el6_2.i686.rpm 01-Feb-2012 12:01
firefox-3.6.26-1.el6_2.x86_64.rpm 01-Feb-2012 12:01
thunderbird-3.1.18-2.el6_2.i686.rpm 16-Feb-2012 16:09
thunderbird-3.1.18-2.el6_2.x86_64.rpm 16-Feb-2012 16:09
the above rpms are what are shown in paths below;
http://ftp.scientificlinux.org/linux/scientific/6x/
so, where you pulled your release, i do not know, nor would i guess.
i am running;
Scientific Linux SL release 5.5 (Boron)
using;
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.26)
Gecko/20120216 Red Hat/3.6-1.el5_7 Firefox/3.6.26
Thunderbird 2.0.0.24 (X11/20120201)
as for security updates, i am current by these notices;
}> Date: Wed, 1 Feb 2012 14:00:05 -0600
}> Message-Id: <[log in to unmask]>
}> To: [log in to unmask]
}> Subject: Security ERRATA Critical: thunderbird on SL4.x, SL5.x i386/x86_64
}> From: [log in to unmask]
}>
}> Issue Date: 2012-02-01
}> CVE Numbers: CVE-2012-0442
}> CVE-2011-3670
}> Date: Wed, 1 Feb 2012 14:00:29 -0600
}> Message-Id: <[log in to unmask]>
}> To: [log in to unmask]
}> Subject: Security ERRATA Critical: firefox on SL4.x, SL5.x, SL6.x
}> i386/x86_64
}> From: [log in to unmask]
}>
}> Issue Date: 2012-01-31
}> CVE Numbers: CVE-2012-0442
}> CVE-2011-3670
}> CVE-2012-0449
}> CVE-2012-0444
}> CVE-2011-3659
so i have little concern about security problems.
*now*, lets "separate the apples from the oranges".
i said _problems_ and you bring up _security_. 2 entirely different matters
of concern.
the 'mailing list'/'news groups' that i made reference to have nothing to
do with security. they relate to operating problems and i see many problems
being posted every day.
granted most of the problems are operator related. those that are not,
stock answer is 'update to latest release'.
also, most of of the post are oos related. a few are mac related. very few
are linux related.
why this is, i do not know, other than if a linux user has a problem, he/she
have the intellect to first search for problems had by others and most likely
find a solution.
oos users do not seem to have this level of intellect and find it easier to
ask without searching. which is why oos users are just that. users.
mozilla devs are going thru a 'keeping up' phase that started after google
chrome was released and google started throwing out new releases. there
was a lot of 'traffic' about this and there has never been a good explanation
from the devs as to just why they are doing such. also, they are not fixing
a lot of the bugs in there releases until that have enough built up to put
out a new release. this is evident if you look are v/r numbers of what is
being released now compared to v/r that are in versions prior to 4.x
such practices are not found in good linux distribs, other than with fedora,
as fedora is actually a debugging distrib for redhat enterprise.
so, i maintain my statement. if you want to upgrade to 'latest and greatest',
go ahead. but do expect *problems*. if you want to deal with *problems*,
upgrade every time mozilla devs make a new release.
all in all, scientific linux is a very stable distrib and well maintained
and supported. if is unfortunate that there are not any email clients and
web browsers that meet the standards of fnal.gov.
--
peace out.
tc.hago,
g
.
*please reply "plain text" only. "html text" are deleted*
****
in a free world without fences, who needs gates.
**
help microsoft stamp out piracy - give linux to a friend today.
**
to mess up a linux box, you need to work at it.
to mess up an ms windows box, you just need to *look* at it.
**
The installation instructions stated to install Windows 2000 or better.
So I installed Linux.
**
learn linux:
'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html
'The Linux Documentation Project' http://www.tldp.org/
'LDP HOWTO-index' http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge' http://howtoforge.com/
****
|
