On Fri, Jul 28, 2006 at 11:23:26AM -0400, Rod Moffitt wrote: > >> For the first time in 3 years I am installing firefox from the moz site > >> and uninstalling the ebuild - I recommand everyone do that ASAP until the > >> gentoo devel wake up and realize how serious this is and fix the ebuild. > > > >You know, you are more than welcome to contribute an ebuild for the new > >firefox rather than bitching that we're too slow. As for why we're so slow > >(as you put it...didn't the new version just come out yesterday?), the > >primary maintainer for all of the Mozilla stuff (firefox, mozilla, > >seamonkey, thunderbird, etc.) quit about 2 weeks ago. We've been trying to > >find someone to step up and take permanent maintainership, but until then, > >the "backup maintainers" are busy people and will get to it when they have > >time. > > I don't believe that I was 'bitching'. I was merely stating that this was > a serious issue and that it should be addressed as soon as possible. > > I have complete empathy for the situation, however no distro (commercial > or community based) can simply use as an excuse that the person who is > responsible is gone/on vacation/insert reason for not being there. This > isn't a new feature request, this is a major vulnerability we are talking > about. Oh yes, we can. Gentoo is an all volunteer driven distribution and we all have jobs/school/other crap that comes before Gentoo work. Doesn't matter if there's a security vulnerability or not.
That said we'll get to it as fast as possible (people, including myself are currently working on all the mozilla stuff). But we're sure as hell not calling in sick at work or something like that just to live up to your misguided expectations. > > Not only will gentoo suffer because the users will be affected by this, > yet one of the major benefits of an open-source os such as gentoo/linux is > that responses to security holes are generally very quick (this is often a > comparison point between linux and windows). And how is one or two days not fast response? The mozilla herd have only been cc'ed on the bug one day which doesn't give us much chance of responding. Regards, Bryan Østergaard PS. Sorry if my answer is rude and/or impolite but I take offensive when random people claim we're doing a poor job when in fact we're working as fast as possible solving the problem. -- gentoo-security@gentoo.org mailing list
