Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Uncooperative With OSS Groups on Security?

Posted by CmdrTaco on from the working-the-bugs-out dept.

An anonymous reader writes "In response to Firefox lead developer Ben Goodger's claim that "redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla", Christopher Aillon of Red Hat says that this is only because Mozilla doesn't play by the same rules as other OSS projects. He says that while other OSS projects work with vendors to achieve simeltaneous releases of patched software, Mozilla does no such thing unless compelled to do so."

7 of 239 comments (clear)

  1. Why is this a bad things? by afd8856 · · Score: 5, Interesting

    They may want to release the updates earlier, without waiting for whatever linux/bsd distro to updated their packages.

    And it seems fair to me. If I run fedora, for example, if I'm concerned about security, I can always download and install their binary package. Because, for example, I couldn't find an updated rpm for firefox 1.0.4 (only a spec file)

    --
    I'll do the stupid thing first and then you shy people follow...
  2. Nor should it have to. by Trillan · · Score: 5, Insightful

    Priorities are not the same all over, and Mozilla should be focused on supporting their users. Those several days of warning are extra days of end-user vulnerability. As a Firefox user, I would feel my trust was misplaced if they did something else..

    One other comment:

    indirectly -- it still displays their branding

    Correct me if I'm wrong, but other builds are not supposed to use Mozilla's branding anyway. The PowerPC G4-optimized build of Firefox contains only compiler/linker changes, and apparently can not use the same icon.

  3. Making a story that isn't there. by Anonymous Coward · · Score: 5, Insightful

    Those links seemed almost like the biggest non-articles ever to hit Slashdot. I asked myself... "is that it?" Links to some petty blog nonsense, basically.

    Mozilla's problems aside, Aillon's point is stupid. Stupid as that picture of him imitating the Matrix, or whatever the hell he is doing. Basically, there doesn't seem to be any meat here, any story. Good work saving Slashdotters the time of RTFA-ing, because in this case, reading the article wouldn't have made any difference.

  4. Re:I'm not sure I agree with this... by Husgaard · · Score: 5, Interesting
    I understand why Mozilla does not want to delay security updates. Of course Redhat would like that at it would look like they are less behind on security updates.

    Unfortunately it looks like Redhat has persuaded other Open Source projects to delay their security updates.

    And now Redhat is using these other Open Source projects to attempt to pressure Mozilla into also delaying their security updates by claiming that Mozilla doesn't play by the rules.

    Shame on Redhat.

  5. But Mozilla IS the vendor for most people by Curmudgeonlyoldbloke · · Score: 5, Insightful

    I suspect that the vast majority of Firefox users are on Windows (simply because the majority of computer users are). They don't have the luxury of up2date or an apt-get repository and have to go to each non-Windows vendor to obtain updates. Why should Mozilla wait for someone maintaining a repository for a minority of their users before releasing an update for the majority?

    I'm sure that's the offical position, anyway. And of course they want to drive traffic to their site, and make a big deal about counting downloads.

  6. Re:Secrecy? by gclef · · Score: 5, Insightful

    Honestly, Mozilla is in a lose/lose situation here.

    If they hold on to fixes until all the distros are ready, they get beat up for slow patch times compared to MS. If they release immediately, they get beat up by the distros for not coordinating with them.

    I think this is coming up because Moz is one of the first high-profile OSS projects to support both Linux/BSD and Windows. If this were (like most other Linux/BSD apps) an OSS-OS only app, then the lack of coordination would be a real issue. But, for the Windows folks, there isn't a distro to coordinate with, so Moz has to release as soon as possible. I'm with Moz on this, honestly.

  7. Context... Context... Context... by TigerX · · Score: 5, Insightful

    This article rips Ben Gooder's words so far out of context that it is not even funny...

    Here's the original sentence with the quoted portion bolded:
    If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products.

    The context of Ben's blog post was the final release of the Netscape 8.0 browser which was based on top of the Firefox 1.0.3 source code. Ben was merely pointing out that this left the Netscape users open to attack. Netscape promptly released 8.0.1 built on the Firefox 1.0.4 code.

    Mozilla is fulfilling its obligation to its users by producing quality secure products, not pandering to an OSS "community" which seem more intent on arguing about every minute detail rather than change the way things are done.

    To that end, Go Mozilla!