- From: Joran Greef <joran@ronomon.com>
- Date: Wed, 6 Apr 2011 19:36:10 +0200
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: public-webapps@w3.org
On 06 Apr 2011, at 7:24 PM, Tab Atkins Jr. wrote: > When a security bug is encountered, either the browsers update to a > new version of sqlite (if it's already been fixed), thus potentially > breaking sites, or they patch sqlite and then upgrade to the patched > version, thus potentially breaking sites, or they fork sqlite and > patch the error only in their forked version, still potentially > breaking sites but also forking the project. The only thing that is > *not* a valid possibility is the browsers staying on the single fixed > version, thus continuing to expose their users to the security bug. > > ~TJ Browser vendors are moving to shorter and shorter release cycles. People have stopped viewing these things through the "IE6-here-forever" lens. Browsers are starting to update themselves automatically, even nightly. If a security issue were to be found, it would be highly unlikely that its patch would break any SQL interface of SQLite.
Received on Wednesday, 6 April 2011 17:36:41 UTC