<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFCC" text="#000000">
<p>AFAIK, the great majority of security flaws comes from Gecko. So
I understand "security update from Mozilla" as the integration
work of all security patches coming from Firefox development
teams. I think security flaws coming from "community innovations"
won't be fixed by Mozilla. So, while Thunderbird will exist and
use Gecko, I think Mozilla will do the Gecko security maintenance
and integration. I think Mozilla doesn't do that for SeaMonkey.<br>
</p>
<p>In my mind, Gecko is the only reason why rapid release policy was
applied to Thunderbird. By themselves, as Mitchell Baker wrote it,
the mailing functionalities are very stable and very satisfying
for lots of users. So one can say Gecko isn't a good stuff for
Thunderbird because it leads to a management à la Firefox which
doesn't make sense for a mail client. In my opininon, the first
big "community innovation" should be to replace Gecko by a more
simple and stable javascript and rendering engine in order to cut
once for all the deadly link with Firefox.<br>
</p>
<p>The new policy proposed converts ESR as the stable release for
all users and maintains the 6 week rapid release cycles only for
Gecko maintenance. I.e back to the old release cycle known for
Thunderbird previous its version 3.0. In fact even a slower cycle
because by that time, Thunderbird had 2 Mozilla devs to enhance
it.<br>
</p>
<p>As part of a corporate IT staff, I think the main problem will be
this slower innovation rate beyond version 17 which could lead the
top management in the next two years to decide to replace
Thunderbird by a more living mail client. Moreover, webmails seem
already very interesting because of their centralized maintenance,
their zero deployment cost and their advanced UI similar to a
classic mail client. As an individual, I will certainly keep
Thunderbird to be sure to have my mails on my PC and not in a
cloud which will analyze them for profit.<br>
</p>
Le 23/07/2012 12:41, Ben Bucksch a écrit :<br>
<blockquote cite="mid:500D2A44.4060305@beonex.com" type="cite">I
have asked it a few times in various other emails, but gotten no
response to it. I really really need this question answered,
because it decides what we have to do now, today.
<br>
<br>
How long will Mozilla Foundation/Corporation, using paid staff,
provide security updates to Thunderbird, in terms of years and
decades? This includes making the required changes to Thunderbird
to adapt to Gecko / Mozilla platform changes, which is
considerable work.
<br>
<br>
Users need assurance that they will still have a email client
without security holes in e.g. 5 years. If the future is not
guaranteed long-term, we need to start building a new one now, so
being concrete here is important.
<br>
</blockquote>
Regards,<br>
<pre class="moz-signature" cols="72">--
Laurent BAUVENS
</pre>
<DIV><P><HR>
*****************************************************<BR>
"Le contenu de ce courriel et ses eventuelles pièces jointes sont confidentiels. Ils s'adressent exclusivement à la personne destinataire. Si cet envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur, et afin de ne pas violer le secret des correspondances, vous ne devez pas le transmettre à d'autres personnes ni le reproduire. Merci de le renvoyer à l'émetteur et de le détruire.<BR>
<BR>
Attention : L'Organisme de l'émetteur du message ne pourra être tenu responsable de l'altération du présent courriel. Il appartient au destinataire de vérifier que les messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues dans ce courriel et ses éventuelles pièces jointes sont celles de l'émetteur. Elles ne reflètent pas la position de l'Organisme sauf s'il en est disposé autrement dans le présent courriel."<BR>
******************************************************<BR>
</P></DIV>
</body>
</html>