1 |
On Mon, Dec 19, 2016 at 06:43:53PM +0100, Miroslav Rovis wrote |
2 |
|
3 |
> And whether the NSS that Pale Moon uses is fine, maybe some of the devs |
4 |
> can tell us, I apologize for for having made too hasty and very probably |
5 |
> wrong conclusion in regard... |
6 |
|
7 |
See the 2nd post in https://forum.palemoon.org/viewtopic.php?t=8971 |
8 |
|
9 |
Moonchild (the lead developer) |
10 |
> The moment I am given access to the MozSec bugs after each 6-week |
11 |
> release, I perform a full security audit on the bugs and code |
12 |
> for applicability. If a vulnerability exists in Pale Moon that is |
13 |
> addressed by these bugs, it is patched in the next release, with |
14 |
> chemspill releases for urgent security issues pushed out asap in a |
15 |
> point release. |
16 |
|
17 |
There is some informal slang here that you may not understand... |
18 |
* "chemspill" ==> an emergency similar in nature to a hazardous chemical |
19 |
spill, requiring immediate response |
20 |
* "asap" ==> an acronym for "As Soon As Possible" |
21 |
|
22 |
3rd post in same thread |
23 |
Matt Tobin (developer) |
24 |
> One thing to keep in mind is that just because there is a vulnerability |
25 |
> in a codebase doesn't mean that there always was a vulnerability. As |
26 |
> most know, Mozilla has been rewriting code (refactoring) at a rabid |
27 |
> pace and has actually introduced more security flaws just by |
28 |
> refactoring and rewriting the code badly than were previously there |
29 |
> in the older incarnation of a chunk of code. |
30 |
|
31 |
Short summary... |
32 |
* Pale Moon is an independant fork |
33 |
* Pale Moon started out with a snapshot of Firefox code |
34 |
* Pale Moon has made its own set of changes |
35 |
* Mozilla (Firefox) has made a different set of changes |
36 |
* the two browsers' source code is different enough that a problem that |
37 |
affects Firefox may not affect Pale Moon; see... |
38 |
https://forum.palemoon.org/viewtopic.php?f=1&t=13984 |
39 |
* if there are real problems, there are point releases. That's one |
40 |
reason why Pale Moon 27.0.1 and 27.0.2 and 27.0.3 have been released. |
41 |
E.g. see "Security-related and crash fixes:" in |
42 |
https://forum.palemoon.org/viewtopic.php?f=1&t=14223 |
43 |
|
44 |
-- |
45 |
Walter Dnes <waltdnes@××××××××.org> |
46 |
I don't run "desktop environments"; I run useful applications |