Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user

From: Walter Dnes <waltdnes@××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
Date: Mon, 19 Dec 2016 23:33:56
Message-Id: 20161219233337.GA15948@waltdnes.org
In Reply to: Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon by Miroslav Rovis
1 On Mon, Dec 19, 2016 at 06:43:53PM +0100, Miroslav Rovis wrote
2
3 > And whether the NSS that Pale Moon uses is fine, maybe some of the devs
4 > can tell us, I apologize for for having made too hasty and very probably
5 > wrong conclusion in regard...
6
7 See the 2nd post in https://forum.palemoon.org/viewtopic.php?t=8971
8
9 Moonchild (the lead developer)
10 > The moment I am given access to the MozSec bugs after each 6-week
11 > release, I perform a full security audit on the bugs and code
12 > for applicability. If a vulnerability exists in Pale Moon that is
13 > addressed by these bugs, it is patched in the next release, with
14 > chemspill releases for urgent security issues pushed out asap in a
15 > point release.
16
17 There is some informal slang here that you may not understand...
18 * "chemspill" ==> an emergency similar in nature to a hazardous chemical
19 spill, requiring immediate response
20 * "asap" ==> an acronym for "As Soon As Possible"
21
22 3rd post in same thread
23 Matt Tobin (developer)
24 > One thing to keep in mind is that just because there is a vulnerability
25 > in a codebase doesn't mean that there always was a vulnerability. As
26 > most know, Mozilla has been rewriting code (refactoring) at a rabid
27 > pace and has actually introduced more security flaws just by
28 > refactoring and rewriting the code badly than were previously there
29 > in the older incarnation of a chunk of code.
30
31 Short summary...
32 * Pale Moon is an independant fork
33 * Pale Moon started out with a snapshot of Firefox code
34 * Pale Moon has made its own set of changes
35 * Mozilla (Firefox) has made a different set of changes
36 * the two browsers' source code is different enough that a problem that
37 affects Firefox may not affect Pale Moon; see...
38 https://forum.palemoon.org/viewtopic.php?f=1&t=13984
39 * if there are real problems, there are point releases. That's one
40 reason why Pale Moon 27.0.1 and 27.0.2 and 27.0.3 have been released.
41 E.g. see "Security-related and crash fixes:" in
42 https://forum.palemoon.org/viewtopic.php?f=1&t=14223
43
44 --
45 Walter Dnes <waltdnes@××××××××.org>
46 I don't run "desktop environments"; I run useful applications

Replies

Subject Author
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon Miroslav Rovis <miro.rovis@××××××××××××××.hr>
Report Message
Find on MARC Find on Google Groups