Skip to main content
Topic: CVEs and Timing Between Artix Release and Official Release That is not In Arch (Read 276 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

CVEs and Timing Between Artix Release and Official Release That is not In Arch

Lets count timing:
Firefox has a bug a bug/expoit
Some know because its officially  roported (unless its non-disclosure 9months)
Time taken to check the bug and fix the hole that is hiding among other bug reports
Time to check your fix
Time to release the software:
Building it in Arch
Syncing/Separate building it in Artix
propagation to mirrors
Download and install
How long it was?

to the above we have to add:

Time the one man job of librewolf to release new version (sometimes it happens a week after the official release)
Fixed Librewolf is officially released.
Times goes by...
Time to Artix devs coming back from weekend partying/holiday etc and remember they have to not only sync to Arch.

... Artix has outdated Librewolf.

As far as I remembered even in old times Ubuntu had "the same day policy" for Firefox.
So how does it look in Artix? Just curios. Not trolling.




Re: CVEs and Timing Between Artix Release and Official Release That is not In Arch

Reply #1
Something is very wrong with this post.
I stop here before I go into a massive rant and ban you.

Re: CVEs and Timing Between Artix Release and Official Release That is not In Arch

Reply #2
It is true that librewolf (a galaxy package; done purely when the maintainer has time) is behind a version. You can simply look at the diff and see that it's an extremely minor change at best. No need for the CVE FUD.