On Thu, 19 Feb 2009, Tim Zingelman wrote:
On Thu, 19 Feb 2009, OBATA Akio wrote:On Thu, 19 Feb 2009 19:13:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> wrote:On Thu, Feb 19, 2009 at 09:47:10AM +0100, Martin Husemann wrote:It is not maintained any more, so an increasing security risk - I don't thinkwe do anyone a favour in still distributing it.If this is official, please add an entry to eol-packages and pkg-vulnerabilities.It is already noted in both files.Patches are available for firefox 2.0.0.20 to fix the latest security issues reported:CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/firefox/files/ patch-ff-380418 patch-ff-460425 patch-ff-466937I am happy to generate patches for the package to incorporate them and bump the version to 2.0.0.20.In particular, if www/firefox3 will not be moved to www/firefox I'd argue that keeping the old package around a little while longer is justifiable.I have yet to get a build of firefox3 from pkgsrc that is stable on solaris 10 sparc... (or FreeBSD 6.3 x86 for that matter.)
I am in no hurry to remove firefox2, but maybe we should leave
firefox3 as www/firefox3 and rename firefox2 to www/firefox2 ?
--
David/absolute -- www.NetBSD.org: No hype required --