Re: [Bug-gnuzilla] Is IceCat 24.0 secure?

[Mauricio Fernandez Vitri]

I'm glad you liked the idea, Loic. I'm sure it's useful and important
and I'd like to help.

I could send you updates about the security status of Firefox. It
wouldn't be a complicated task, since Mozilla uploads all the info to
two pages [1][2].

It would just be a matter of paying attention as to when the release
of the newest Firefox version (release and ESR) takes place. That's
when they update these lists.

I'm not sure yet what would be the best way to structure the GNUzilla
versions/security page.

For example, since latest IceCat version is 24.0, when you release
IceCat 27.0.1, does it sound reasonable to add a list with all the
bugfixes from Firefox 25, 25.0.1, 26, and 27 under the title "Fixed in
IceCat 27.0.1"?

Should I send you this to your email address directly or to this list?
In HTML or plain text? I think the colors and general layout of the
aforementioned web pages are adequate. It wouldn't involve much more
than copying and pasting and replacing Firefox with IceCat, so I don't
really know if you would need my help at all.

Regards,

Mauricio

[1] http://www.mozilla.org/security/known-vulnerabilities/firefox.html
[2] http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

On Tue, Mar 4, 2014 at 12:31 AM, Loic J. Duros <address@hidden> wrote:
>
> Great idea. It would be nice to have this. Would you like to volunteer
> and, in the future, regularly send me an email with the list of
> fixes/security status so that I can post on a page in
> http://gnu.org/s/icecat
>
> Building the next IceCat and LibreJS keep me busy enough, so more help,
> not just development, but such work as documenting, as you suggest,
> would be extremely helpful!
>
> I don't think the gnu.org offers an easy way to securely allow someone
> to post content on a single page only, unfortunately, but maybe it will
> be worth at some point to set up a simple wiki app, even if a lot of the
> documentation would actually end up linking to mozilla.org.
>
> Thanks again for your suggestion!
>
> Loic
>
>
> Mauricio Fernandez Vitri <address@hidden> writes:
>
>> That's good to know.
>>
>> It would be nice to see information about future (and past) versions
>> and their security status in the main GNUzilla web site. This way
>> everyone would know which version is secure and which one isn't, so
>> they won't just use a free web browser, but a secure one also.
>>
>> On Mon, Mar 3, 2014 at 5:28 PM, Loic J. Duros <address@hidden> wrote:
>>>
>>> We're working on the release of IceCat based off 27.0.1, actually.
>>>
>>>
>>> Mauricio Fernandez Vitri <address@hidden> writes:
>>>
>>>> Hello,
>>>>
>>>> I've done some research and found that there are security updates
>>>> which fix more than 14 critical bugs for Firefox ESR [1].
>>>>
>>>> Aren't those critical bugs important enough to update IceCat? Would
>>>> you please consider updating it to the latest ESR?
>>>>
>>>> Thanks for your work,
>>>>
>>>> Mauricio
>>>>
>>>> [1] http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
>>>>
>>>> --
>>>> http://gnuzilla.gnu.org
>>
>> --
>> http://gnuzilla.gnu.org