Firefox 3.0.12 released
Posted Jul 22, 2009 22:01 UTC (Wed) by joedrew (guest, #828)
Precisely that sort of thing happened recently with the Firefox 3.5 JIT bug - we let people know there was a critical bug, let them know how to mitigate that bug in the meantime, and had a fixed release out in less than 2 days. And yes, not closing the bug put our users at risk.
Anyways, I have started the discussion on opening bug 459906 among the security folk at Mozilla (I am only peripherally involved in that group), and it will hopefully be opened before long.
Posted Jul 23, 2009 9:58 UTC (Thu) by roc (subscriber, #30627)
At least we do open all our bugs sooner or later, generally as soon as we can. All other browser developers keep their security bugs in closed bug systems and never reveal them.
Posted Jul 23, 2009 18:41 UTC (Thu) by jwb (guest, #15467)
It might be nice if the Bugzilla page could give me at least some useful information. For example, it should tell me the severity of the vulnerability and its status in the trunk and each of the release branches. Then I would at least be able to think about the risk rationally.
Posted Jul 24, 2009 0:21 UTC (Fri) by roc (subscriber, #30627)
But again, we're miles better than our competition in this department. I don't know of any project that supports partial bug revelation.
Posted Jul 23, 2009 10:01 UTC (Thu) by roc (subscriber, #30627)
At least we do open all our bugs sooner or later, generally as soon as we can. All other browser developers keep most of their security bugs in closed bug systems and never reveal them.