Re: GNU IceCat?
On Wed, September 9, 2015 09:42, Simon Josefsson wrote:
> Moritz Mühlenhoff <firstname.lastname@example.org> writes:
>> Russ Allbery <email@example.com> schrieb:
>>> Simon Josefsson <firstname.lastname@example.org> writes:
>>>> Is there any reason (other than lack of manpower) that GNU IceCat is
>>>> packaged in Debian?
>>> I suspect it's mostly just resources, but it's an immense amount of
>>> and not just for the packaging. Web browsers have one of the largest
>>> most actively exploited attack surfaces of any package in Debian, and I
>>> suspect the security team will be very wary of introducing another
>>> of Firefox into the archive unless the security update story is very
>> Indeed. If there's any worthwhile wrt security enhancements, please
>> patches to Mozilla so that it ends up in Firefox.
> The majority of improvements are in areas where there is philosophical
> disagreement -- as a simple example, IceCat enables DoNotTrack by
> default, but (as far as I understand) both upstream Firefox and Debian
> Iceweasel does not want to make that change.
> IceCat is currently based on Firefox 31.8.0 (ESR, last update in June
> 2015) and Iceweasel is based on Firefox 38.2.1 (ESR, August 2015).
> Perhaps the situation would be easier for the security team if a IceCat
> package in Debian was based on the same ESR release as Iceweasel?
If the most significant changes are different defaults and other changed
settings, surely we can do something smarter to make these available to
our users other than duplicating the entire application in our archive?