Firefox and Sarge
Hello all,
As you might know if you read d-d@l.d.o regularly, Eric Dorland,
maintainer of the firefox package, is still away for the next week and
a half (roughly).
As you might know as well, there are quite a few issues for getting
a proper Firefox into Sarge. Let me summarize the situation:
- Sarge will be frozen soon (August 28th ?)
- Firefox version in sarge (0.8) is fucked security wise, and the only way to
fix these bugs is to upload a new upstream.
- The latest upstream is 0.9.3, but, as Eric said in a previous mail,
has still 2 RC bugs. The alpha issue had been reported on 0.9.1, so
maybe it has actually disappeared, and the extensions manager issue is
much deeper.
- Firefox 1.0rc1, which solves the extensions manager issue, was due for
August 10th, but is still not released, and nobody at the moment seems
to know when the release might happen. "When it's ready".
Now comes the action.
I NMUed a pre1.0 version into experimental, so that it can be widely
tested, builders are invited to upload non-i386 builds, and everyone is
invited to chase bugs.
I'm experimenting non-invasive patches to get the 0.9.3 extensions
manager to suck less and solve the RC bug attached to it.
Now, there are two (actually three) distincts possible futures for firefox:
- 1.0rc is released before sarge freeze. In that case, the
changes from the current version in experimental might not be too big
and easily dealable, so that we can decide to upload it, considering
that the changes needed on the debian part are already done in the
experimental package.
- 1.0rc is not released before sarge freeze or it won't make it to sarge
for any reason. In that case, if the patches I'm working on do the
job, we can maybe get a RC-bug-less 0.9.3 into sarge (that also
depends on the alpha arch issue, though).
- Otherwise, do not distribute firefox with sarge.
The main problem, as for sarge release, is that having a 0.9.3 in sarge,
i.e. for quite some time without being able to upload a new upstream,
might not help getting security fixes for it, especially considering the
changes between 0.9 branch and 1.0 branch. If we can get a 1.0rc in sarge,
security patches for 1.0 are more likely to apply without harm.
I must say I'd prefer Eric (or the RM) to take the decision for what
would be better for sarge... I'm only NMUing...
Thanks for reading.
Mike
PS: Actually, there's no decision to make if 1.0rc is not released
before sarge freeze.
Reply to: