On 07/18/2014 02:19 PM, Ned Slider wrote: > I note EPEL has a thunderbird package but it seems very out of date at > version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, > and fixed 3 critical security issues. Is this normal for EPEL to be so > far behind on security updates? > > So what is everyone else using? I'm using the EPEL package for my personal laptop. The odds of me getting bit by a 6 week old exploit are probably almost non-existent. The odds of me forgetting to keep a custom install of thunderbird updated outside of yum is very high. I'm far from any kind of security expert, but here are two things I do to keep my browser/email client safe: 1. I only use gmail - as Google likes to scrub all of my data clean before they steal it 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser. I don't use any adblock browser/email plugins because I've never investigated where the list of re-directs are stored on the machine. Perhaps they are harmless... but it would be easy to place a few re-directs in there and get millions of machines to do bad things real fast. ~ Chris