[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GNU IceCat?

Moritz Mühlenhoff <jmm@inutil.org> writes:

> Russ Allbery <rra@debian.org> schrieb:
>> Simon Josefsson <simon@josefsson.org> writes:
>>> Is there any reason (other than lack of manpower) that GNU IceCat is not
>>> packaged in Debian?
>> I suspect it's mostly just resources, but it's an immense amount of work,
>> and not just for the packaging.  Web browsers have one of the largest and
>> most actively exploited attack surfaces of any package in Debian, and I
>> suspect the security team will be very wary of introducing another version
>> of Firefox into the archive unless the security update story is very
>> well-understood.
> Indeed. If there's any worthwhile wrt security enhancements, please submit
> patches to Mozilla so that it ends up in Firefox.

The majority of improvements are in areas where there is philosophical
disagreement -- as a simple example, IceCat enables DoNotTrack by
default, but (as far as I understand) both upstream Firefox and Debian
Iceweasel does not want to make that change.

IceCat is currently based on Firefox 31.8.0 (ESR, last update in June
2015) and Iceweasel is based on Firefox 38.2.1 (ESR, August 2015).

Perhaps the situation would be easier for the security team if a IceCat
package in Debian was based on the same ESR release as Iceweasel?


Attachment: signature.asc
Description: PGP signature

Reply to: