What happened to hiring an architect?

Wayne Mery vseerror at lehigh.edu
Thu Dec 22 19:06:41 UTC 2016


On 12/22/2016 12:17 PM, Disaster Master wrote:
> On 12/19/2016 3:44 PM, Magnus Melin <mkmelin+mozilla at iki.fi> wrote:
>> If you're really interested in knowing which advisories applied to
>> Thunderbird, you're free to go click through them and count - see
>> https://www.mozilla.org/en-US/security/advisories/ - the product is
>> listed for each. Of course not everything applies to Thunderbird, but
>> a lot of them do apply.
>
> I finally had time to take a look and see if I could get an idea, but
> every one of these says that access is restricted, so I have no way of
> even seeing the bug details, therefore no way to determine if they apply
> to TB or not.

The Thunderbird list is 
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

I suspect only the most recent ones are still hidden, (eg from the last 
half year or so, based on spot checking.  I'm inquiring to the security 
folks if they can be made public.

> I would think there would be a way that someone with access could
> provide a list of bugs, say over the last 6 months, that had a real
> world security risk for TB users. By real world I mean, in the world of
> code, I know there is a big difference between a 'technical
> vulnerability', and a real world one. There may be a technical very
> serious vulnerability, but it could have virtually zero chance of being
> remotely exploitable - or, it may not apply to TB at all.

Speaking for myself, as someone somewhat close to the security bugs, I'm 
not willing to do that amount of work.

Unless someone who is willing to do this work speaks up, I think we 
consider this subject closed or be taken offline.



More information about the tb-planning mailing list