[OpenIndiana-discuss] Firefox security

Jim Klimov jimklimov at cos.ru
Sun Nov 18 18:19:23 UTC 2012


On 2012-11-18 18:00, cpforum wrote:
> Firefox, Java and Thunderbird are very old releases. Gnome Desktop is not maintened and applications like OpenOffice, Flash, Adobe Reader, etc. are 2 or 3 years old with a lot of known security holes.

Speaking of which: some of these projects are opensource, others
are proprietary - even if distributed by authors for free.

Is there any lineup of such products as Java, Adobe Reader and
Flash, OpenOffice or its more current descendants, Mozilla stuff,
VirtualBox (GPL half, at least) - what may be redistributed how?

For example, whenever a new JDK/JRE comes out, can we publish its
files into the OI IPS repo as a new version of the appropriate
package, or the license states that the end-user must download
the software from original vendor's site (like in VBox PUEL)?

I don't think it is a fundamental problem to fire up a repository
of third-party software which would suck in and republish as IPS
the tarballs and packages made by other projects (like Mozilla,
Java, VirtualBox, etc.etc.etc.) - if we know we're not to be sued
for making such a repo. Possibly this can be done as part of the
existing SFE or SFE-encumbered repos (skipping the manual build
part by the repo maintainer)?

For projects with well standardized releases, sucking-in of the new
versions can be quite automated (similar to spec files or recipes
in the userland gate), and end-users would have a simple automated
means of receiving the new software in a timely manner...

My 2c,
//Jim




More information about the OpenIndiana-discuss mailing list