[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnuzilla] IceCat and security updates
From: |
Mark H Weaver |
Subject: |
Re: [Bug-gnuzilla] IceCat and security updates |
Date: |
Fri, 03 May 2019 15:48:34 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
<address@hidden> writes:
> Currently, the last version of IceCat is 60.3.0 while the last version
> of Firefox ESR is 60.6.1. Doesn't that make IceCat exposed to security
> vulnerabilities
> (https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/)
> already fixed on Firefox?
You're right, and I agree that it's a very serious problem.
In GNU Guix <https://gnu.org/s/guix> we keep our IceCat package
up-to-date by promptly running the 'makeicecat' script on the latest
Firefox ESR release whenever Mozilla issues security updates. We had to
abandon use of the IceCat-provided source tarballs for the reason you
mention.
You could use the IceCat from Guix, or you could run the 'makeicecat'
script yourself to produce an up-to-date IceCat source tarball from the
corresponding Firefox ESR source tarball. You can find 'makeicecat' in
the Gnuzilla git repository, here:
http://git.savannah.gnu.org/cgit/gnuzilla.git
I'm sorry that I don't have a better answer for you.
> Is there any reason why IceCat is skipping updates?
It's due to lack of developer resources.
Mark