On Sun, Apr 24, 2016 at 10:51 PM, ToddAndMargo <[log in to unmask]> wrote:
> On 04/24/2016 07:43 PM, ToddAndMargo wrote:
>>>>
>>>> On Apr 24, 2016 20:32, "ToddAndMargo" <[log in to unmask]
>>>> <mailto:[log in to unmask]>> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> Seems like SL7 is not keeping up with Firefox and Thunderbird
>>>> updates anymore. EL Linux is suppose to keep up with security
>>>> updates
>>>> but Red Hat obviously picks and chooses: Firefox and Thunderbird
>>>> are typically left unpatched.
>>>>
>>>> Is there some repo out there for Firefox and Thunderbird to
>>>> fills the gap? Or, should I go back to using the binaries
>>>> from releases.mozilla.org <http://releases.mozilla.org>?
>>>>
>>>> Many thanks,
>>>> -T
>>
>>
>> On 04/24/2016 07:13 PM, Stephen John Smoogen wrote:
>>>
>>> Why do you think they are unpatched? The Firefox and Thunderbird are
>>> based off the upstream extended release cycle versions and not the
>>> latest type. So the security fixes which are in ESR are there but new
>>> features are not. If you need new features then you will need to work
>>> from the upstream tar balls
>>
>>
>> Hi Steven,
>>
>> That is just wishful thinking. As vulnerabilities are discovered
>> they are not added to the ESR, or if the are, we don't see them.
>> Have you seen a single update come through to the current ESR?
>> It is set and forget. EL picks and chooses what they will keep
>> up to date. Firefox and Thunderbird ain't one of them.
>>
>> Do you know of a repo that does keep Firefox and Thunderbird
>> up to date? Or am I stuck with the binaries?
>>
>> -T
>>
>
>
> We are currently 38.7.0 ESR. As far as ESR goes, it is on
> 45.0
>
> http://releases.mozilla.org/pub/firefox/releases/45.0esr/
>
> Pick and choose.
This is one of the reasons I tend not to use SL, or the upstream RHEL,
for GUI's. Fedora for bleeding edge features, SL or other RHEL
variants for stable servers.
Backporting stable versions of upstream releases is tricky, awkward
work, and often sensitive to new dependency requirements. I'm dealing
with this right now trying to bckport Samba 4.4.x to SL 7, and I used
to do this for Subversion. It's not pretty with tools that introduce
new bleeding edge library requirements.
|