Re: Switching to mozilla ESR in stable-security

To: Moritz Muehlenhoff <jmm@debian.org>
Cc: debian-devel@lists.debian.org, team@security.debian.org, glandium@debian.org
Subject: Re: Switching to mozilla ESR in stable-security
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Date: Wed, 29 May 2013 01:17:06 +0200
Message-id: <[🔎] 51A53AF2.3010604@physik.fu-berlin.de>
In-reply-to: <[🔎] 20130528203303.GA5425@pisco.westfalen.local>
References: <[🔎] 20130528203303.GA5425@pisco.westfalen.local>

Hi Moritz!

On 05/28/2013 10:33 PM, Moritz Muehlenhoff wrote:

we need to change the way security fixes are handled for Mozilla
in stable-security. The backporting of security fixes is no
longer sustainable resource-wise.


I second this. Having one of the most commonly used desktop applications
lacking so much behind the current upstream versions in a newly
released Debian version is very frustrating and annoying.

Having the current ESR versions of Iceweael and Icedove in Debian
stable is the best practice as these releases were just intended
to be used in scenarios were Debian stable is deployed.

As such, we'll switch to releasing the ESR releases of iceweasel
and icedove in stable-security.


Great! Really looking forward.

Let me add to that there is currently no easy way (e.g. without
rebuilding the package) to install Icedove ESR on Wheezy. The
Debian Mozilla packaging team suggests installing Icedove
ESR from unstable [1], but alas this version is linked against
libc6 2.17 and will therefore force an update of the libc6
installed on Wheezy which is unacceptable [2].

I therefore urge anyone involved in packaging Icedove to provide
a version of Icedove ESR linked against the version of libc6
in Wheezy.

Also, if anyone of the GNOME package maintainers is reading this,
why does the gnome meta package depend on xul-ext-adblock-plus? This
often causes major headache when upgrading either Iceweasel or
Icedove in the form that using the wrong upgrade path will
result in partial or full removal of GNOME.

In the future the majority of packages should thus rather be installed
through http://addons.mozilla.org instead of Debian packages.


I think this is the best approach. Most addons should be installed
through the built-in addon manager as this will make keeping
addons up-to-date much easier and reduces maintaining efforts. As
long as we're going with the latest ESR versions, I assume that
most of the most popular addons will work when installed through
the official upstream sources.

Cheers,

Adrian

> [1] http://mozilla.debian.net/
> [2] http://paste.debian.net/7192/

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply to:

Follow-Ups:
- Re: Switching to mozilla ESR in stable-security
  - From: Simon McVittie <smcv@debian.org>

References:
- Switching to mozilla ESR in stable-security
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Re: MBF: transition from texi2html to texinfo
Next by Date: Re: default MTA
Previous by thread: Switching to mozilla ESR in stable-security
Next by thread: Re: Switching to mozilla ESR in stable-security
Index(es):
- Date
- Thread