Re: How should we handle greenbone-security-assistant?
On Fri, Dec 18, 2020 at 01:33:33PM +0100, Jonas Smedegaard wrote:
>...
> It is indeed not realistic to fit all fast-changing code projects into
> Debian. We have made a few fast-paced projects like Firefox fit, but in
> my opinion we did that in a problematic way: By endorsing embedded code
> copies, which is painful to maintain.
>
> I think we should not relax our rules, but (improve our packages so that
> we can) tighten our rules to apply more consistently - e.g. avoid
> embedded code copies also in Firefox.
>...
Embedded code copies are the smallest problem with Firefox,
and on that I would actually trust Mozilla to release fixes quickly.
The huge pain with Firefox is that it has a history of needing updated
versions of at least 5 different compilers in Debian stable series:
https://tracker.debian.org/pkg/gcc-mozilla
https://tracker.debian.org/pkg/llvm-toolchain-7
https://tracker.debian.org/pkg/rustc
https://tracker.debian.org/pkg/nasm-mozilla
https://tracker.debian.org/pkg/nodejs-mozilla
IMHO the best option for Firefox would be to stop shipping it in stable,
and offer a Flatpak instead.
> - Jonas
cu
Adrian
Reply to: