However, XULrunner will not be ready in time for FC6. According to caillon,
the current XULRunner is a "developer preview" and not suitable for shipping.

If we want gecko 1.8 in the fc6 timeframe (and e.g. epiphany and yelp require
it now), then we need to move seamonkey into core.

This is not about FC6. This is about FC5.

At present, Mozilla 1.7.13 is unsupported and it contains security holes which
are affecting Epiphany and any other software that depends on it in a supported
version of FC (i.e. version 5). Either Mozilla needs to be patched to remove
security holes or Seamonkey introduced in its place or the whole thing needs to
be replaced with XULRunner

Sorry, one other possibility here: Epiphany and other stuff can also be linked
against FF, of course.

(In reply to comment #3)
> Sorry, one other possibility here: Epiphany and other stuff can also be linked
> against FF, of course.

FF is static linked , and so cannot be linked against

Epiphany and Galeon and such support linking against Firefox, so clearly it is
possible. The fedora firefox package is missing a firefox-devel sub package...

Regarding comment #4: Even if that's true, it can surely be changed.

If Bugzilla is a democracy, let me just make my vote and say I'm going to
install SeaMonkey anyhow. Can't it be done for both FF and SeaMonkey to be in
core and provide Gecko to other packages? Both FF 1.5 and SM 1.0 have Gecko 1.8,
both FF 2.0 and SM 1.5 will have Gecko 1.9.

Right now I have Mozilla and SeaMonkey (funny, isn't it?) on my FC5, because
stuff "depend" on Mozilla (but I use most of it with SeaMonkey 1.5a anyhow).

Change the summary to reflect the actual request.

Firefox is definitely not statically linked in Fedora, try:
ldd /usr/lib/firefox-1.5.0.4/firefox-bin
(/usr/bin/firefox is just a shell script.)

(In reply to comment #7)
> Both FF 1.5 and SM 1.0 have Gecko 1.8,

correct

> both FF 2.0 and SM 1.5 will have Gecko 1.9.

my understanding of current mozilla.org plans, which might be wrong and might
change, is:

FF 2.0 and SM 1.1 will be Gecko 1.8.1

some time in the future FF 3 and SM 1.5 will be Gecko 1.9

> Right now I have Mozilla and SeaMonkey (funny, isn't it?) on my FC5, because
> stuff "depend" on Mozilla (but I use most of it with SeaMonkey 1.5a anyhow).

I think the difficult part is, that Mozilla 1.7.x packages provide the "runtime"
GRE that other apps embed.
When I created the SM package for FE I did not include GRE, because it would
conflict with the one in 1.7.x, and I don't know whether the 1.8 APIs are still
compatible with the 1.7 ones.

In relation to this from comment #10:

> When I created the SM package for FE I did not include GRE, because it would
conflict with the one in 1.7.x, and I don't know whether the 1.8 APIs are still
compatible with the 1.7 ones.

This is all well and good, but FC5 is still supported and it will be for some
time. Therefore, all those apps that depend on Mozilla (which is currently
unpatched and contains known security issues) should either be linked against
something else or dropped as unsupported.

Epiphany can be built against FF, according to the authors. As for the rest, I
guess the only way to find out is to read the docs and then try it.

It has now been over 3 weeks since all those security issues have been
disclosed. Time to make some decisions...

The whole thing is going to affect RHEL as well, so it's going to be interesting
to see which direction is that going to take...

My understanding is that Christopher Aillon has been working with a 
community of developers to create backported patches for Mozilla-1.7.13,
because this is the Mozilla used in Red Hat Enterprise Linux at present.
(See Bug #193906.)  I would not doubt that once packages are available
there for 1.7.13, that around the same time, 1.7.13 packages would also
be available for Fedora Core.

My understanding is also that since the Mozilla-1.7.x series is no longer
supported by the Mozilla Foundation, but Seamonkey is being supported as
an app that would appear to have the same features as Mozilla, that RHEL
is moving towards Seamonkey down the road.

I am not sure what the plans are for Fedora Core, but I would imagine that
they would be parallel or similar, since RHEL and Fedora Core have many of
the same developers.

For a some more information, see the discussion thread starting here, in
the fedora-security-list archives:
<http://www.redhat.com/archives/fedora-security-list/2006-June/thread.html#00022>.

Hope this helps.   -David

If Christopher is working on patches for 1.7.13, then he can close this bug as
WONTFIX or mark it as duplicate of bug #193906.

It is not wontfix and it is not a duplicate of the aforementioned bug.

> It is not wontfix and it is not a duplicate ...

Hm, I for one lost a patience a while ago and replaced mozilla on FC5
with a seamonkey-1.0.4 with a spec file derived from the one used in
updates to RHEL4.  Edits boil down to a emoval of nss and nspr subpackages
and changing a configuration to --with-system-nss and --with-system-nspr.
As opposed to seamonkey packages from extras what I recompiled _replaces_
mozilla packages, and provides various "mozilla..." things, instead of
beeing installable side-by-side.  This clearly requires recompilation
of some other packages (yelp, devhelp, ...), so some libraries in different
locations can be found, but this was not an issue.

FWIW I am running like that for some time and I do not see so far
any ill-effects.  Not informed about the change other users failed to
notice anything unusual. :-)

BTW - doing the same for older distributions, like FC4, requires even
less changes in a spec file.

I lost track of this. Is the update for FC5 now Seamonkey from Extras?

> Is the update for FC5 now Seamonkey from Extras?

Nope. Seamonkey has to be recompiled in the same manner, in principle,
as packages from RHEL to provide, among other things, an executable
called "mozilla" and also mozilla, with a suitably high version, in
"Provides" or various things will break.

Also other packages have to be recompiled as they use mozilla (seamonkey)
supplied libraries.  For sure yelp and devhelp and also, I think,
thunderbird and epiphany.  Probably this is complete list.  In FC6 those
programs depend on 'firefox' instead.

You can surely use seamonkey from extras as a browser instead of your
current mozilla.

I may be trying to compile Seamonkey-1.0.6 for FC5 in the i386 arch.  Is
anyone interested in the output of that?  I could try and post it somewhere
if folks are interested....

Looks like the replacement went ahead, but now seamonkey has disapeared from
FC5, user not knowing what to do can't use seamonkey anymore.

I would think that since seamonkey is replacing mozilla, there should have been
links created or something for mozilla but leaving seamonkey alone.

In my particular case, my seamonkey icons in all my users desktops no longer
work, I had to manually install the other components (mozilla-mail and
mozilla-chat) and now my mail no longer shows anything, no folders no e-mail
accounts, nothing.

I would say this was a bad decision.

Leave seamonkey the way it was before and add new mozilla packages that just
need seamonkey and that create links or something.

It appears that the action has taken place that this bug report requested,
with the release of seamonkey-1.0.7-0.6.fc5, which happened on January 5th --
see Bug #219365 and also the release note by Martin Stransky to the fedora-
package-announce mailing list:
<http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00024.html>.

Although the above announcement doesn't explicitly say it, my impression
is that seamonkey-1.0.7-0.6.fc5 is a mozilla *replacement* and overrides
the FC5 seamonkey that had been maintained in Fedora Extras by Kai Engert.

Note to Jairo:  If you are still having the problem you note in comment #20
of this bug report, I recommend you file a new bug against Seamonkey for
product "Fedora Core"/FC5, when the new "seamonkey" component is available
in Bugzilla to file a bug report against.  (See Bug #222811).

Closing this bug report ERRATA.