[Bugs] #694 URGE: xulrunner: security update

[SugarLabs Bugs]

#694: xulrunner: security update
------------------------------+---------------------------------------------
    Reporter:  sascha_silbe   |          Owner:  sascha_silbe               
        Type:  defect         |         Status:  new                        
    Priority:  Urgent         |      Milestone:  Unspecified by Release Team
   Component:  sugar-jhbuild  |        Version:  Git as of bugdate          
    Severity:  Critical       |     Resolution:                             
    Keywords:                 |   Distribution:  Unspecified                
Status_field:  Assigned       |  
------------------------------+---------------------------------------------

Comment(by sascha_silbe):

 > Should we move to 1.9.1 now that most distros are using it?
 I'm unsure about that. We'd loose support for Ubuntu intrepid (which still
 has support at least up to 2010.04) and Fedora 10 (don't know anything
 about Fedora support periods) - or at least would require people trying to
 get Sugar 0.86 running on those distros to backport latest xulrunner.
 Debian lenny (just released!) already isn't good enough due to dependency
 on gio.
 OTOH, given that xulrunner is supported rather shortly upstream, depending
 on old versions might not be a good idea either.

 > Also, do we need to worry about security in jhbuild? Given that it is a
 development tool.
 Especially in that case. Think of what happens if a developer machine gets
 taken over (we still have no Rainbow in place that would prevent that)!

-- 
Ticket URL: <http://dev.sugarlabs.org/ticket/694#comment:2>
Sugar Labs <http://sugarlabs.org/>
Sugar Labs bug tracking system