[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 20 Mar 2008 13:29:51 +0000 Tom Potts <tompotts@xxxxxxxxxxxxxxxxxxxx> wrote: > On Thursday 20 March 2008 11:27, Robin Cornelius wrote: > > Even if all other fixes/patches are removed, not being able to apply > > security fixes is a *showstopper* and i would rather have it rebadged > > than not have security updates and patches. > Yes but I can still run Firefox on my Debian system should I choose to. Users can run non-free if they want to - no security support there at all. Doesn't mean that Debian doesn't try to help but Debian is not in the game of preventing users doing things, even harmful things. (If you want that kind of approach, try gNewSense). > If they were truly interested in security then NO non deb packages would be > allowed. Bumkum. When is a package just a script that someone wrote themselves? There are hundreds of packages that consist of a collection of bash or perl scripts. What about upstream packages? I run non-Debian software all the time because I'm *writing it upsteam* and it isn't ready yet. All my own software is ahead of Debian, it only catches up when I make a release. Debian's security support is widely acknowledged and respected. > And while I havent actually used iceweasel it must be really > irritating to have a browser that disables itself everytime a vulnerability > is found. I use iceweasel a lot (not as much as epiphany-browser) and it does not disable itself. It is patched *before* firefox. Where on earth did you get that crazy idea? Debian has iceweasel so that iceweasel can be patched by Debian without delay. iceweasel is a security solution for the problems in firefox. If Debian toed the Mozilla line, then, yes, Debian would have to disable Firefox until the security patches got approval from mozilla.org. Imagine what a farce that would be. Mozilla are basically saying: "Thou shalt not patch before us." Ludicrous idea and completely non-free. > While a security problem in a web browser on M$ can be a showstopper, on a > linux box they should not be anything other than an annoyance or do you > regularly 'sudo iceweasel'? Security is always important - yes, protection from having a robust 'root' user system is good but user data needs security protection too, especially stuff like browser history, website logins and passwords. > But they forked - theres no other way of putting it. M$ speak from the FLOSS > community is worrying. Your misinterpretation of the events is worrying. Forks are *GOOD* for FLOSS. There would be no FLOSS without forks. Every successful FLOSS project should be forked at least once. Every unsuccessful FLOSS project should be forked again until it can be successful or until the object of the software is completely redundant. In the end, the successful forks will feed back into the others and everyone benefits. This is how distributions have always worked, right back to the days of Slackware. Distributions are forks - each and everyone has forked a large percentage of the software. We have to fork it, random collections of upstream code do not simply "work", they need to be modified to form a cohesive whole. Even gentoo has multiple forks. So far, I've personally forked over 250 projects. I plan to reintegrate about 200 of those with the upstream as and when I get the fork doing what I want it to do. A fork is just another way of saying a patch. During the development of the patch, you build, test and install a fork. If the patch gets accepted, the fork is not pursued and the next upstream replaces the forked package. Simple. If Mozilla come to their senses, iceweasel can be replaced by firefox within 24hrs, but not until firefox is genuinely free software. > I run 3 different versions of Firefox - which one do you want rebranding? Any and all that are not exclusively downloaded from mozilla.org. The others have been distributed illegally (according to Mozilla) as soon as any part of the codebase is changed without permission because distribution infringes the trademark. In most ways that matter, firefox from Mozilla is not free software and never was - you can only distribute modified versions with explicit permission for each and every change. Only iceweasel is free because it is not encumbered by the Firefox name and trademark. Even the trademark is not the problem here, it is the attitude from Mozilla that says that patches have to be approved. The main principle of free software is that I do not have to ever ask permission from anybody before modifying the code and distributing the resulting binaries under precisely the same licence and package name as the original. Yes, if I fundamentally change the purpose of the program then a name change is strongly recommended but security patches are not that fundamental. Other companies use trademarks but none have been so brain dead as mozilla. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgpBwRtZNRQ0Q.pgp
Description: PGP signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html