From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3DB0E139085 for ; Mon, 19 Dec 2016 23:33:56 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A6839E0DBE; Mon, 19 Dec 2016 23:33:46 +0000 (UTC) Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.181]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 50823E0DA7 for ; Mon, 19 Dec 2016 23:33:46 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0BxFwAu3EVY/x6cSC1DGh0BBQELAYM4AQEBAQEfWoEGiE+EeJcKJgGUVoIIKYVzBAICghFAFAECAQEBAQEBAWIohGkBBAE6HCgLCyETEg8FJTeIZwgOLqxYi0QBAQgCIAWFRXmEW4MLggmCZYIwBY98imoBgXuET4o/ihAXhiOOAoQNHzeBGYVzIDQBiHgBAQE X-IPAS-Result: A0BxFwAu3EVY/x6cSC1DGh0BBQELAYM4AQEBAQEfWoEGiE+EeJcKJgGUVoIIKYVzBAICghFAFAECAQEBAQEBAWIohGkBBAE6HCgLCyETEg8FJTeIZwgOLqxYi0QBAQgCIAWFRXmEW4MLggmCZYIwBY98imoBgXuET4o/ihAXhiOOAoQNHzeBGYVzIDQBiHgBAQE X-IronPort-AV: E=Sophos;i="5.33,749,1477972800"; d="scan'208";a="283237855" Received: from 45-72-156-30.cpe.teksavvy.com (HELO waltdnes.org) ([45.72.156.30]) by smtp.teksavvy.com with SMTP; 19 Dec 2016 18:33:44 -0500 Received: by waltdnes.org (sSMTP sendmail emulation); Mon, 19 Dec 2016 18:33:37 -0500 From: "Walter Dnes" Date: Mon, 19 Dec 2016 18:33:37 -0500 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon Message-ID: <20161219233337.GA15948@waltdnes.org> References: <20161217232554.GB9477@g0n.xdwgrp> <20161218015637.GC18283@waltdnes.org> <20161218055009.GA11155@g0n.xdwgrp> <20161218070441.GA19833@waltdnes.org> <20161218181616.GA13242@g0n.xdwgrp> <20161218184347.GB13242@g0n.xdwgrp> <20161218202933.GA23487@waltdnes.org> <20161219111643.GA31077@g0n.xdwgrp> <20161219171701.GE31077@g0n.xdwgrp> <20161219174353.GF31077@g0n.xdwgrp> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161219174353.GF31077@g0n.xdwgrp> User-Agent: Mutt/1.5.24 (2015-08-30) X-Archives-Salt: e448974d-ddb6-4575-acb3-d9ea166064c5 X-Archives-Hash: aed1d8967b3ec94cbae87259362f2128 On Mon, Dec 19, 2016 at 06:43:53PM +0100, Miroslav Rovis wrote > And whether the NSS that Pale Moon uses is fine, maybe some of the devs > can tell us, I apologize for for having made too hasty and very probably > wrong conclusion in regard... See the 2nd post in https://forum.palemoon.org/viewtopic.php?t=8971 Moonchild (the lead developer) > The moment I am given access to the MozSec bugs after each 6-week > release, I perform a full security audit on the bugs and code > for applicability. If a vulnerability exists in Pale Moon that is > addressed by these bugs, it is patched in the next release, with > chemspill releases for urgent security issues pushed out asap in a > point release. There is some informal slang here that you may not understand... * "chemspill" ==> an emergency similar in nature to a hazardous chemical spill, requiring immediate response * "asap" ==> an acronym for "As Soon As Possible" 3rd post in same thread Matt Tobin (developer) > One thing to keep in mind is that just because there is a vulnerability > in a codebase doesn't mean that there always was a vulnerability. As > most know, Mozilla has been rewriting code (refactoring) at a rabid > pace and has actually introduced more security flaws just by > refactoring and rewriting the code badly than were previously there > in the older incarnation of a chunk of code. Short summary... * Pale Moon is an independant fork * Pale Moon started out with a snapshot of Firefox code * Pale Moon has made its own set of changes * Mozilla (Firefox) has made a different set of changes * the two browsers' source code is different enough that a problem that affects Firefox may not affect Pale Moon; see... https://forum.palemoon.org/viewtopic.php?f=1&t=13984 * if there are real problems, there are point releases. That's one reason why Pale Moon 27.0.1 and 27.0.2 and 27.0.3 have been released. E.g. see "Security-related and crash fixes:" in https://forum.palemoon.org/viewtopic.php?f=1&t=14223 -- Walter Dnes I don't run "desktop environments"; I run useful applications