Firefox and Sarge

To: debian-devel@lists.debian.org
Subject: Firefox and Sarge
From: Mike Hommey <mh@glandium.org>
Date: Fri, 20 Aug 2004 15:22:46 +0900
Message-id: <[🔎] 20040820062246.GA20946@vaio.glandium.org>

Hello all,

As you might know if you read d-d@l.d.o regularly, Eric Dorland,
maintainer of the firefox package, is still away for the next week and
a half (roughly).

As you might know as well, there are quite a few issues for getting
a proper Firefox into Sarge. Let me summarize the situation:

- Sarge will be frozen soon (August 28th ?)
- Firefox version in sarge (0.8) is fucked security wise, and the only way to
  fix these bugs is to upload a new upstream.
- The latest upstream is 0.9.3, but, as Eric said in a previous mail,
  has still 2 RC bugs. The alpha issue had been reported on 0.9.1, so
  maybe it has actually disappeared, and the extensions manager issue is
  much deeper.
- Firefox 1.0rc1, which solves the extensions manager issue, was due for
  August 10th, but is still not released, and nobody at the moment seems
  to know when the release might happen. "When it's ready".

Now comes the action.

I NMUed a pre1.0 version into experimental, so that it can be widely
tested, builders are invited to upload non-i386 builds, and everyone is
invited to chase bugs.

I'm experimenting non-invasive patches to get the 0.9.3 extensions
manager to suck less and solve the RC bug attached to it.

Now, there are two (actually three) distincts possible futures for firefox:
- 1.0rc is released before sarge freeze. In that case, the
  changes from the current version in experimental might not be too big
  and easily dealable, so that we can decide to upload it, considering
  that the changes needed on the debian part are already done in the
  experimental package.
- 1.0rc is not released before sarge freeze or it won't make it to sarge
  for any reason. In that case, if the patches I'm working on do the
  job, we can maybe get a RC-bug-less 0.9.3 into sarge (that also
  depends on the alpha arch issue, though).
- Otherwise, do not distribute firefox with sarge.

The main problem, as for sarge release, is that having a 0.9.3 in sarge,
i.e. for quite some time without being able to upload a new upstream,
might not help getting security fixes for it, especially considering the
changes between 0.9 branch and 1.0 branch. If we can get a 1.0rc in sarge,
security patches for 1.0 are more likely to apply without harm.

I must say I'd prefer Eric (or the RM) to take the decision for what
would be better for sarge... I'm only NMUing...

Thanks for reading.

Mike

PS: Actually, there's no decision to make if 1.0rc is not released
before sarge freeze.

Reply to:

Follow-Ups:
- Re: Firefox and Sarge
  - From: Andrew Pollock <apollock@debian.org>
- Re: Firefox and Sarge
  - From: Mike Hommey <mh@glandium.org>

Prev by Date: Re: buildd queue visibility
Next by Date: Re: buildd queue visibility
Previous by thread: Bug#266986: ITP: crasm -- Cross assembler for 6800/6801/6803/6502/65C02/Z80
Next by thread: Re: Firefox and Sarge
Index(es):
- Date
- Thread