* Posts by Fluffbucket

2 posts • joined 19 Feb 2008

Opera screeches at Mozilla over security disclosure

Thumb Up

@Chris Cheale

"what exactly stops Opera from keeping an eye on FF's bugzilla?"

The fact that Mozilla's security bugs are hidden until they have released a fix perhaps?


It's sad to see all the ignorant and venomous remarks that totally miss the point

Wow, some people here are really clueless.

"One day should be more than enough"

Really? Someone talked about how the Linux kernel got a fix in a day. A fix for TESTING! A bugfix ready for testing does not mean that it is ready to be deployed in a finished product! There's more to fixing a bug than writing some code and compiling, you know.

"Why expect competitors to alert you of flaws?"

Because this is what *MOZILLA* wants other browsers to do to them! They are big on "responsible disclosure"! They preach it all the time! But this time they did not practice what they preach or expect other browsers to do to them.

@Andy S. - All browsers have major bugs. Look at the memory leaks in Firefox.

@Futaihikage - What, if they have time to briefly mention Mozilla's irresponsible disclosure, they also have the time to analyze the problem, plan the fix, write the actual code to fix it, do the testing to see if the flaw is really fixed, and then test for regressions? All of this could have been done in the same amount of time they took to write a paragraph about Mozilla's irresponsible disclosure??

@Matt Caldwell - Opera has a better track record than Mozilla for fixing security holes, as a matter of fact.

@Paul - Actually, Mozilla can often take its sweet time. There was a chrome:// flaw which was open for what, five years? Opera has a better track record. And Mozilla could have released the fix without giving out all the details on the flaw. You know, like other browsers do when more than one browser is affected.

@Alan Donaly - Opera has been responsible when they have found bugs that affect Mozilla. Mozilla who keep preaching about "responsible disclosure" could have returned the favour.

@stizzleswick - When did Opera take too long to fix security bugs? And the complaint is NOT THAT MOZILLA FIXED IT FIRST. It's that MOZILLA NOTIFIED OPERA ONLY A DAY BEFORE THEY DISCLOSED ALL THE DETAILS. The problem wasn't the fix, but the irresponsible disclosure.

@Ian Johnston - Opera has been around for more than a decade and is in fact the leading mobile browser.

@Chris - "FF announced it almost 2 months ago to the world" - no they did not. They announced it when they released their fix.

@Mark Rendle - What do you mean by mean? The point is that Mozilla keeps yelling about responsible disclosure and yet they are hypocritical in this particular situation. And all Opera did was to write a couple of sentences about it on a blog where 9.26 was announced.


Biting the hand that feeds IT © 1998–2022