Moritz Mühlenhoff <jmm@inutil.org> writes: > Russ Allbery <rra@debian.org> schrieb: >> Simon Josefsson <simon@josefsson.org> writes: >> >>> Is there any reason (other than lack of manpower) that GNU IceCat is not >>> packaged in Debian? >> >> I suspect it's mostly just resources, but it's an immense amount of work, >> and not just for the packaging. Web browsers have one of the largest and >> most actively exploited attack surfaces of any package in Debian, and I >> suspect the security team will be very wary of introducing another version >> of Firefox into the archive unless the security update story is very >> well-understood. > > Indeed. If there's any worthwhile wrt security enhancements, please submit > patches to Mozilla so that it ends up in Firefox. The majority of improvements are in areas where there is philosophical disagreement -- as a simple example, IceCat enables DoNotTrack by default, but (as far as I understand) both upstream Firefox and Debian Iceweasel does not want to make that change. IceCat is currently based on Firefox 31.8.0 (ESR, last update in June 2015) and Iceweasel is based on Firefox 38.2.1 (ESR, August 2015). Perhaps the situation would be easier for the security team if a IceCat package in Debian was based on the same ESR release as Iceweasel? /Simon
Attachment:
signature.asc
Description: PGP signature