| 1 |
On Fri, Jul 28, 2006 at 11:23:26AM -0400, Rod Moffitt wrote: |
| 2 |
> >> For the first time in 3 years I am installing firefox from the moz site |
| 3 |
> >> and uninstalling the ebuild - I recommand everyone do that ASAP until the |
| 4 |
> >> gentoo devel wake up and realize how serious this is and fix the ebuild. |
| 5 |
> > |
| 6 |
> >You know, you are more than welcome to contribute an ebuild for the new |
| 7 |
> >firefox rather than bitching that we're too slow. As for why we're so slow |
| 8 |
> >(as you put it...didn't the new version just come out yesterday?), the |
| 9 |
> >primary maintainer for all of the Mozilla stuff (firefox, mozilla, |
| 10 |
> >seamonkey, thunderbird, etc.) quit about 2 weeks ago. We've been trying to |
| 11 |
> >find someone to step up and take permanent maintainership, but until then, |
| 12 |
> >the "backup maintainers" are busy people and will get to it when they have |
| 13 |
> >time. |
| 14 |
> |
| 15 |
> I don't believe that I was 'bitching'. I was merely stating that this was |
| 16 |
> a serious issue and that it should be addressed as soon as possible. |
| 17 |
> |
| 18 |
> I have complete empathy for the situation, however no distro (commercial |
| 19 |
> or community based) can simply use as an excuse that the person who is |
| 20 |
> responsible is gone/on vacation/insert reason for not being there. This |
| 21 |
> isn't a new feature request, this is a major vulnerability we are talking |
| 22 |
> about. |
| 23 |
Oh yes, we can. Gentoo is an all volunteer driven distribution and we |
| 24 |
all have jobs/school/other crap that comes before Gentoo work. Doesn't |
| 25 |
matter if there's a security vulnerability or not. |
| 26 |
|
| 27 |
That said we'll get to it as fast as possible (people, including myself |
| 28 |
are currently working on all the mozilla stuff). But we're sure as hell |
| 29 |
not calling in sick at work or something like that just to live up to |
| 30 |
your misguided expectations. |
| 31 |
> |
| 32 |
> Not only will gentoo suffer because the users will be affected by this, |
| 33 |
> yet one of the major benefits of an open-source os such as gentoo/linux is |
| 34 |
> that responses to security holes are generally very quick (this is often a |
| 35 |
> comparison point between linux and windows). |
| 36 |
And how is one or two days not fast response? The mozilla herd have only |
| 37 |
been cc'ed on the bug one day which doesn't give us much chance of |
| 38 |
responding. |
| 39 |
|
| 40 |
Regards, |
| 41 |
Bryan Østergaard |
| 42 |
|
| 43 |
PS. Sorry if my answer is rude and/or impolite but I take offensive when |
| 44 |
random people claim we're doing a poor job when in fact we're working as |
| 45 |
fast as possible solving the problem. |
| 46 |
-- |
| 47 |
gentoo-security@g.o mailing list |
Archives