Slashdot Mirror


10-Day Patch Guarantee Not Mozilla's Policy

narramissic writes "Mozilla has officially backpedaled from a pledge made at Black Hat by the company's director of ecosystem development, Mike Schaver, to fix any critical security bugs in the browser within 'Ten ****ing Days.' On Friday, Mozilla security chief Window Snyder wrote in a blog posting that the 10-day pledge is not Mozilla's policy, saying 'We do not think security is a game, nor do we issue challenges or ultimatums.' And today, the open source browser maker issued a statement retracting the pledge."

13 of 125 comments

  1. It's Shaver by Anonymous Coward · · Score: 5, Informative

    And he's already explained how his comment got out of hand and what he really meant by it.

    1. Re:It's Shaver by loganrapp · · Score: 5, Funny

      If Steve Jobs got blasted on Jaeger and said the next-gen iPhone would be made of cheese, dairy commodities would shoot through the roof.

  2. Snyder would never succeed as a politician... by Actually, I do RTFA · · Score: 5, Funny

    On Friday, Mozilla security chief Window Snyder wrote in a blog posting that the 10-day pledge is not Mozilla's policy, saying 'We do not think security is a game, nor do we issue challenges or ultimatums.'

    Upon hearing the news of this "flip-flopping," President Bush confidently stepped in for the Mozilla group and challenged the black hats to "bring it on."

    --
    Your ad here. Ask me how!
  3. Clarification by nacturation · · Score: 5, Informative
    On this blog entry Mike Shaver clarifies:

    (I thought I commented here on Friday, but I was working from my Blackberry, which is not especially web-friendly. Bleh.)

    Glad you enjoyed the party, Robert. To clarify, I was making a personal commitment, not a Mozilla one, that you could redeem that card if there was a vulnerability that you believed needed to be turned around in 10 days. I didn't consider at the time that it would be taken as a Mozilla policy statement -- even *I* don't make new policy announcements at late-night parties in Vegas :) -- but it seems to have been read that way, which I can understand in hindsight. I'm sure I'll be answering for my potty mouth and apparent lack of clarity for a while...

    Also spelled out on his own blog.
    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  4. Thank God... by thanksforthecrabs · · Score: 5, Funny

    ...we still have companies like Google that can set good examples.

  5. Re:So... eleven days? by RobertM1968 · · Score: 5, Informative

    If your post isn't a troll, perhaps it is a poor attempt at humor.

    Mozilla welcomes vulnerability information so that it can address them

    Mozilla is pretty quick to address vulnerabilities

    MS won't even admit to a vulnerability unless enough of a stink has been made that the world already knows about it.

    MS has often ignored serious vulnerabilities until they deemed it necessary to resolve them (see previous point for definition of "necessary")

    Don't worry, Mozilla has a long way to go before they slip as far as MS...

  6. Re:Mozilla Corporation becoming truly corporate? by Kjella · · Score: 5, Informative

    The Debian thing is not a strike against Mozilla. Their stance is correct and clear. You can't have someone else using your trademark to cover something that they are supporting.

    That wasn't really the problem, I think there were a few disagreements on some defaults Debian had set, but in general I don't think Mozilla would have any problem rubber-stamping it like they do with other distros' versions. Where it really broke down wasn't really a practical problem, it was more policy vs policy.

    Mozilla's policy is that they must approve anything using the trademarked name and logo, so that they can stop bad versions with spyware, adware and such.
    Debian's policy is that they must be able to apply security patches immediately without approval from any third parties.

    In themselves, both admirable policies but the road to hell is paved with good intentions. In practice there wouldn't have been any problem getting security patches into Debian's version in a timely fashion with Mozilla's blessing, but one of the policies would have to make an exception. Neither Mozilla nor Debian were willing to bend on their principles, and so Iceweasel was born. Yes, it's a policy aberration but I don't feel one side was being more unreasonable than the other.

    --
    Live today, because you never know what tomorrow brings
  7. Ten ****ing Days by shish · · Score: 5, Funny

    Are the censored four letters "work"?

    --
    I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
    1. Re:Ten ****ing Days by Eighty7 · · Score: 5, Funny

      So they're including weekends too?

  8. Habits of the geek kind by Gazzonyx · · Score: 5, Funny
    I don't smoke any more, but of my 'IT type' friends who still do (all in their early to mid 20's, mind you - 1 is 21 working on his masters), well... I spent the night working on my Solaris server trying to get NFS, LDAP, MySQL and Samba to play nicely with a BSD box, Mac, XP, and Gentoo inside segmented routed networks. Granted, I failed miserably, but I'm fairly sure my friends spent their night sharpening their skill set by getting high, eating munchies, and watching Sponge Bob's Square Pants before passing out at 10pm.


    As an aside, it always seems the network and hardware geeks are the ones who smoke pot, and the database and BSD guys who like their vodka. The C/C++/Java programmers (this is my category, usually) are chain smokers - Marlboro Reds in a soft pack style, and caffeine junkies. How many of you have a Mountain Dew can that you're drinking next to an empty Mountain Dew can - and both are still cold to the touch? Yeah - all the programmers.


    And the Mac guys generally seem to be clean cut replicas of Jeff Goldblum, for the most part. They're health conscious, and probably taking on a good number of sunshine units from those freakin' 45 inch MacBook Pro screens as they tend to be fans of irony. Mac guys also probably currently have a half gallon of water, in a jogging harness, on their desks right now... probably the cleanest desks on /. for that matter.
    Oh, and I think the Amiga guys are into acid or something - that's why they've been in their garages for the last 15 years hacking away. Poor guys don't even know their wife unplugged the monitor 3 years ago.

    --

    If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

  9. Re:Mozilla Corporation becoming truly corporate? by iminplaya · · Score: 5, Insightful

    Once Konqueror gets a Windows build, it's game-over for Firefox. It's a better browser - it just hasn't, until recently, run on Windows.

    I happen to agree it's a much better browser, and a very good file manager, among other things, BUT there's nothing to make me think that once it becomes popular enough, the exact same thing won't happen to it. Popular software gets sucked into the corporate venus fly trap faster than a trailer park gets sucked into a tornado. The nice thing about all this open source though, is that nobody can claim exclusivity. We can always make something similar, a little bit better, and put a different name on it. I was under the impression that's the idea behind GPL and BSD and Creative Commons, etc. to begin with. So we can simply forget about the guy who takes a wrong turn, instead of following him over the cliff.

    --
    What?
  10. Re:Easy solution... by Xero_One · · Score: 5, Funny

    You can't be in a sane state of mind to think that posting to slashdot is a good idea. Woooooaaaahhh Duuuuuude!

    That's totally... like, INSIGHTFUL!

  11. Re:Ten fucking days is a long time... by Hanners1979 · · Score: 5, Funny

    Most Geeks feel very lucky if they get laid once a month or so.

    Is that an Earth month?