[CentOS] Missing Thunderbird Updates

Wed May 20 21:38:25 UTC 2009
Ned Slider <ned at unixmail.co.uk>

nate wrote:
> Akemi Yagi wrote:
> 
>> We can't be the only ones still using C4 i386. Some of the outstanding
>> security updates are rated critical; maybe people just don't realize
>> how many unpatched vulnerabilities there are at this point.
> 
> I run C4 i386, though my systems are on trusted networks whose
> only services are provided by 3rd party packages(mostly java/tomcat)
> and my CentOS 4.6 machines are the least of my worries when it comes
> to updates(hello RHEL 3 update 3!)
> 
> When we get audited later this year I will try to push us onto RHEL,
> should be easier to justify at that point.
> 
> nate
> 

I think the point is that there must be something very wrong/broken if 
a) security updates are missing for over a month, and b) people don't 
even like to ask for fear of offending someone, and c) no one really 
talks about it.

One of the projects stated goals has always been to release updates 
within 72 hours, and often within 24 hours from upstream release. This 
isn't about missing that target by a day or two, but rather that 
security updates are completely missed altogether until someone notices 
and says something at which point they normally appear 24 hours later. 
It looks more like the process is broken to me, but as we have no idea 
what the process actually is it's impossible to tell.