[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Unpatched security flaws in IceCat

From: mhw
Subject: Re: [Bug-gnuzilla] Unpatched security flaws in IceCat
Date: Thu, 13 Aug 2015 14:02:07 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Gary <address@hidden> writes:

> On Aug 12, 2015, Mark H Weaver wrote:
>> So, when can we expect GNU IceCat 38.2 to be released?
> How soon can you post your contributions to the git repo? ;-)

I believe you have misread my words above as a demand for others to do
this work.  That is not the case.  Rather, it is a question intended to
determine whether GNU IceCat is a viable browser that users of GNU Guix
can depend on, or whether we need to consider other options.

I feel strongly about supporting my fellow GNU projects, and that's why
GNU IceCat has been the _only_ modern web browser in Guix until very
recently (someone else added Epiphany), and why IceCat is the browser
I've been using and recommending to others.

I feel strongly enough that I've taken the time to grovel through
Mozilla's upstream repository hunting for security fixes to cherry pick
every time Mozilla releases a new ESR, since it typically takes about
two weeks before the corresponding IceCat is released.  It's non-trivial
work, but I do it because I want to support IceCat.

However, I'm now in a situation where I simply do not have the requisite
knowledge to backport the latest batch of fixes from ESR 38.  I tried,
and was able to backport some of the fixes, but some of them are for
code that has radically changed between ESR 31 and 38.

I also do not have time to produce a major new release of IceCat, so I'm
running out of desirable options.

I feel a responsibility to the users of GNU Guix to not leave their
computers open to attack via widely published vulnerabilities from any
random website.  Unfortunately, I'm no longer able to do that, so for
now I've had to stop using IceCat, and I also felt compelled to warn
Guix users about the situation.

So, again, the reason I asked the question above was not to scold anyone
or make demands, but rather to help me decide how to proceed.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]