Author: sajolida Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Icedove security updates / Tails release schedule
intrigeri: > I'm replying to "the severity of the options above", regarding
> option b.
>
> Let's keep in mind that other email clients we used to ship, or could
> choose to ship haven't synchronized their release schedule with
> Firefox either; Ditto for most other software we ship, actually. So,
> the "security updates are delayed a bit" problem is neither news here,
> nor specific to Icedove.
>
> It *is* a serious problem, however. The long-term solution we've put
> our odds on so far, that will work regardless of what email client we
> ship, is to streamline our release process so that we can, some day,
> put out (smaller) updates more often. This is one of the main reasons
> why we've been putting so much efforts into our automated test suite
> lately :)
Same here. To put it differently, Firefox is the only software we ship
that is synchronized with our release schedule :)
Icedove might deserve more attention than, let's say GtkHash, but other
ones might be as serious, for example Pidgin, I2P, Electrum, or Enigmail
itself.
So I'd say we keep an eye on their security announcement, be ready for
an emergency upgrade the day it's really needed, and in the meantime
keep on working on streamlining our release process and having endless
upgrades (#7499, #8534, or whatever).
