Author: intrigeri Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Icedove security updates / Tails release schedule
u wrote (12 Jan 2016 16:04:47 GMT) : > Also, we should investigate how to better keep track of MFSAs and other
> security announcements (even prior to them being posted on
> debian-security). Some of us read FD or debian-security I think, but
> maybe we can track this in a more efficient manner?
I loosely follow oss-security and commits to Debian's secure-testing
repo. I've rarely seen advance notice of security issues/fixes in
Mozilla software via these channels. So, tracking MFSAs seems to be
the best we can do with only public information. AFAIK nobody from
Tails is on the "private" list where Linux distros discuss embargoed
security issues.
Wrt. Firefox, so far we've received heads up in advance from the Tor
Browser team. I guess similar ties with upstream Thunderbird could be
built and result in similar heads up.
