LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

April 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS April 2016

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Firefox and Thunderbird unpatched question
From:	ToddAndMargo <[log in to unmask]>
Reply To:	ToddAndMargo <[log in to unmask]>
Date:	Mon, 25 Apr 2016 00:33:44 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (76 lines)

On 04/24/2016 08:30 PM, Nico Kadel-Garcia wrote:
> On Sun, Apr 24, 2016 at 10:51 PM, ToddAndMargo <[log in to unmask]> wrote:
>> On 04/24/2016 07:43 PM, ToddAndMargo wrote:
>>>>>
>>>>> On Apr 24, 2016 20:32, "ToddAndMargo" <[log in to unmask]
>>>>> <mailto:[log in to unmask]>> wrote:
>>>>>
>>>>>      Hi All,
>>>>>
>>>>>      Seems like SL7 is not keeping up with Firefox and Thunderbird
>>>>>      updates anymore.  EL Linux is suppose to keep up with security
>>>>> updates
>>>>>      but Red Hat obviously picks and chooses: Firefox and Thunderbird
>>>>>      are typically left unpatched.
>>>>>
>>>>>      Is there some repo out there for Firefox and Thunderbird to
>>>>>      fills the gap?  Or, should I go back to using the binaries
>>>>>      from releases.mozilla.org <http://releases.mozilla.org>?
>>>>>
>>>>>      Many thanks,
>>>>>      -T
>>>
>>>
>>> On 04/24/2016 07:13 PM, Stephen John Smoogen wrote:
>>>>
>>>> Why do you think they are unpatched? The Firefox and Thunderbird are
>>>> based off the upstream extended release cycle versions and not the
>>>> latest type. So the security fixes which are in ESR are there but new
>>>> features are not. If you need new features then you will need to work
>>>> from the upstream tar balls
>>>
>>>
>>> Hi Steven,
>>>
>>> That is just wishful thinking.  As vulnerabilities are discovered
>>> they are not added to the ESR, or if the are, we don't see them.
>>> Have you seen a single update come through to the current ESR?
>>> It is set and forget.  EL picks and chooses what they will keep
>>> up to date.  Firefox and Thunderbird ain't one of them.
>>>
>>> Do you know of a repo that does keep Firefox and Thunderbird
>>> up to date?  Or am I stuck with the binaries?
>>>
>>> -T
>>>
>>
>>
>> We are currently 38.7.0 ESR.  As far as ESR goes, it is on
>> 45.0
>>
>> http://releases.mozilla.org/pub/firefox/releases/45.0esr/
>>
>> Pick and choose.
>
> This is one of the reasons I tend not to use SL, or the upstream RHEL,
> for GUI's. Fedora for bleeding edge features, SL or other RHEL
> variants for stable servers.
>
> Backporting stable versions of upstream releases is tricky, awkward
> work, and often sensitive to new dependency requirements. I'm dealing
> with this right now trying to bckport Samba 4.4.x to SL 7, and I used
> to do this for Subversion. It's not pretty with tools that introduce
> new bleeding edge library requirements.
>


Here is a good chart on the ESR's (Extended Support Release):

https://www.mozilla.org/en-US/firefox/organizations/faq/

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV