What happened to hiring an architect?

Ben Bucksch ben.bucksch at beonex.com
Mon Dec 19 22:34:38 UTC 2016


Normally we don't do "me too", but given that rkent is actually seriously arguing it: 

What magnus said. exactly that.

"mememe, i close my eyes, so you're there" doesn't work when you have 25 million users.

Ben




Am 17. Dezember 2016 13:10:14 MEZ, schrieb Magnus Melin <mkmelin+mozilla at iki.fi>:
>On 16.12.2016 17:24, Disaster Master wrote:
>> On 12/15/2016 7:02 PM, R Kent James <kent at caspia.com> wrote:
>>> Postbox's new release is on Gecko 7.0.1, which is now over 5 years
>old. I have not heard any great outcry about their security issues, and
>someone on this list (...cough..  BK...cough..ensa) keeps telling us
>what a great product that is, and how popular it is in Mozilla. So
>clearly forking Gecko is a CHOICE, and if people at Mozilla are using
>it then some people at Mozilla must not care that it is based on old
>Gecko, either.
>>
>> This supports my feeling that the security risks are actually much 
>> smaller for TB than they would be for, for example, Pale Moon.
>
>The security risks are very present, you're just living on hope 
>thatnobody bothers to target you. Just to put things in numbers: there 
>have been 96 security advisories from Mozilla this year alone. So with 
>Gecko 7.0.1 (from 2011) there are virtually hundreds of holes just 
>looming along in Postbox. These are so old security bugs that they are 
>public by now, many with explicit instructions...
>
>>
>>> You don't like that choice, and neither do I, but it is clearly an
>option.
>>
>> And using this as an example, if it was forked, say, in a years time,
>
>> then TB could theoretically be OK for a number of years after that, 
>> even as many as 5 or more.
>
>Hardly. If you make it easy, Thunderbird is large enough to be an 
>interesting attack target.
>
>  -Magnus
>
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>tb-planning mailing list
>tb-planning at mozilla.org
>https://mail.mozilla.org/listinfo/tb-planning

-- 
Sent from my mobile phone. Please excuse the brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20161219/f528eddd/attachment.html>


More information about the tb-planning mailing list