From: Mark H Weaver
Subject: Re: Packaging a free Firefox
Date: Tue, 22 May 2018 15:05:20 -0400
To: Pjotr Prins
Cc: guix-devel@gnu.org, Nils Gillmann

Pjotr Prins writes:

> On Mon, May 21, 2018 at 04:07:10PM -0400, Mark H Weaver wrote:
>> 45.5.1? That's ancient, with a large number of known security flaws.
>> Why are you running such an old version?
>
> Ancient? November 2016 released. Ancient is my thinpad and ancient is
> me ;). Security matters, but my system is not *that* vulnerable. Note
> that I run the browser in a degraded mode (noscript, noflash etc.).
> That actually matters most.

November 2016 is ancient for a web browser, which has an extraordinarily
large attack surface. While it's true that disabling javascript helps,
there are known vulnerabilities in several other parts of the code.

Your system is vulnerable to attack. If you think otherwise, you are
mistaken.

Mark