bug-gnuzilla
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] IceCat and security updates

From: Mark H Weaver
Subject: Re: [Bug-gnuzilla] IceCat and security updates
Date: Fri, 03 May 2019 15:48:34 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) 
<address@hidden> writes:

> Currently, the last version of IceCat is 60.3.0 while the last version
> of Firefox ESR is 60.6.1. Doesn't that make IceCat exposed to security
> vulnerabilities
> (https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/)
> already fixed on Firefox?

You're right, and I agree that it's a very serious problem.

In GNU Guix <https://gnu.org/s/guix> we keep our IceCat package
up-to-date by promptly running the 'makeicecat' script on the latest
Firefox ESR release whenever Mozilla issues security updates.  We had to
abandon use of the IceCat-provided source tarballs for the reason you
mention.

You could use the IceCat from Guix, or you could run the 'makeicecat'
script yourself to produce an up-to-date IceCat source tarball from the
corresponding Firefox ESR source tarball.  You can find 'makeicecat' in
the Gnuzilla git repository, here:

  http://git.savannah.gnu.org/cgit/gnuzilla.git

I'm sorry that I don't have a better answer for you.

> Is there any reason why IceCat is skipping updates?

It's due to lack of developer resources.

       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]