[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: misc@openbsd.org

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: misc@openbsd.org
From: Nick Holland <nick_(_at_)_holland-consulting_(_dot_)_net>
Date: Thu, 07 Apr 2005 06:59:20 -0400

tronss-ono wrote:
> Sometimes I see some security bugs in programs like mozilla-firefox and 
> many others and I'm asking myself if they don't really affect OpenBSD 
> because there's no security fixes in 
> http://www.openbsd.org/pkg-stable.html. Is it true or.. why aren 't they 
> updated?.

Bugs are bugs, even if contained by OpenBSD security features.
HOWEVER, Mozilla is one of the least portable "portable" applications
around.  Every new version seems to require a non-trivial new effort at
reworking the port.  It isn't like a one line diff gets applied and
boom, security problems go away...more like a huge diff gets applied,
and boom, functionality goes away...and must be carefully restored.

If you are really concerned about every imaginable security issue,
Mozilla is NOT your tool of choice.  May I recommend Lynx? :)

Nick.

References:
- Generating systrace policy for Expect script
  - From: Kim Onnel
- misc@openbsd.org
  - From: tronss-ono

Prev by Date: Problems with a Linksys WMP11 [wireless setup]
Next by Date: Re: /etc/mk.conf
Previous by thread: Re: misc@openbsd.org
Next by thread: Invitation to Italy, Holland, and Montenegro 2005; c/bb
Index(es):
- Date
- Thread

Visit your host, monkey.org