1 |
On Fri, Jul 28, 2006 at 11:23:26AM -0400, Rod Moffitt wrote: |
2 |
> >> For the first time in 3 years I am installing firefox from the moz site |
3 |
> >> and uninstalling the ebuild - I recommand everyone do that ASAP until the |
4 |
> >> gentoo devel wake up and realize how serious this is and fix the ebuild. |
5 |
> > |
6 |
> >You know, you are more than welcome to contribute an ebuild for the new |
7 |
> >firefox rather than bitching that we're too slow. As for why we're so slow |
8 |
> >(as you put it...didn't the new version just come out yesterday?), the |
9 |
> >primary maintainer for all of the Mozilla stuff (firefox, mozilla, |
10 |
> >seamonkey, thunderbird, etc.) quit about 2 weeks ago. We've been trying to |
11 |
> >find someone to step up and take permanent maintainership, but until then, |
12 |
> >the "backup maintainers" are busy people and will get to it when they have |
13 |
> >time. |
14 |
> |
15 |
> I don't believe that I was 'bitching'. I was merely stating that this was |
16 |
> a serious issue and that it should be addressed as soon as possible. |
17 |
> |
18 |
> I have complete empathy for the situation, however no distro (commercial |
19 |
> or community based) can simply use as an excuse that the person who is |
20 |
> responsible is gone/on vacation/insert reason for not being there. This |
21 |
> isn't a new feature request, this is a major vulnerability we are talking |
22 |
> about. |
23 |
Oh yes, we can. Gentoo is an all volunteer driven distribution and we |
24 |
all have jobs/school/other crap that comes before Gentoo work. Doesn't |
25 |
matter if there's a security vulnerability or not. |
26 |
|
27 |
That said we'll get to it as fast as possible (people, including myself |
28 |
are currently working on all the mozilla stuff). But we're sure as hell |
29 |
not calling in sick at work or something like that just to live up to |
30 |
your misguided expectations. |
31 |
> |
32 |
> Not only will gentoo suffer because the users will be affected by this, |
33 |
> yet one of the major benefits of an open-source os such as gentoo/linux is |
34 |
> that responses to security holes are generally very quick (this is often a |
35 |
> comparison point between linux and windows). |
36 |
And how is one or two days not fast response? The mozilla herd have only |
37 |
been cc'ed on the bug one day which doesn't give us much chance of |
38 |
responding. |
39 |
|
40 |
Regards, |
41 |
Bryan Østergaard |
42 |
|
43 |
PS. Sorry if my answer is rude and/or impolite but I take offensive when |
44 |
random people claim we're doing a poor job when in fact we're working as |
45 |
fast as possible solving the problem. |
46 |
-- |
47 |
gentoo-security@g.o mailing list |