help-gnuzilla

Re: If FOSS isn't your number one concern, why use IceCat?


From: Mark H Weaver
Subject: Re: If FOSS isn't your number one concern, why use IceCat?
Date: Sun, 17 Nov 2019 14:19:06 -0500

Hi Philip,

Haniho Dude <address@hidden> wrote:
> It has been 6 months since the last build and if my experience with
> the previous build is anything to go by, this means that IceCat will
> be behind Firefox ESR in terms of security updates. It is impossible
> for any such browser to be secure and therefore I cannot believe that
> IceCat protects my privacy.

I agree that upstream IceCat has had a terrible record in recent years
for issuing timely security updates, and that this is a very severe
problem.

However, I also have some good news:

* For the last 5 years, I've been keeping the IceCat package in GNU Guix
  consistently up-to-date w.r.t. security fixes from Mozilla,
  typically within a couple of days of Mozilla's release.  For a few
  years I did so by cherry-picking security fixes from the upstream
  Mozilla source code repository, but more recently I've taught Guix how
  to run 'makeicecat' on the latest Firefox ESR source tarball.  I
  invite you to examine my record of updates to GNU Guix and compare it
  with Mozilla's security advisories:

    https://git.savannah.gnu.org/cgit/guix.git/log/?qt=grep&q=gnu%3A+icecat%3A
    https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

  GNU Guix can be used to produce an up-to-date IceCat source tarball
  that (I hope) should build on any system that IceCat supports.  At
  present, Guix contains a preliminary preview version of IceCat-68.2.

* I've recently been appointed as co-maintainer of the IceCat project,
  so the security work that I've been doing for the past 5 years in Guix
  will henceforth be done for upstream IceCat.

* Mike Gerwitz and Amin Bandali have also recently been appointed as
  co-maintainers, so the bus factor of the IceCat project is now much
  improved.

I'm currently focused on fixing the remaining issues in the IceCat-68.2
preview.  When that's done, hopefully in the next week or two, we'll
make an official IceCat-68.2 release, and I assure you that IceCat will
henceforth produce security releases in a timely fashion.

        Mark


