Re: Troubling security news for sarge users of mozilla, firefox, thunderbird...
hacker (of golf) wrote:
I don't believe that it is the learning of new features which is the
major concern here. But if/when the API of Firefox changes and is put
into stable. There are many other packages apparently which depend on
the firefox API, the changing of which in stable could also necessitate
the updating of dozens of other packages to later verions (whcih may
also have cascading dependencies).
Thanks for posting this .. I've been wondering why no updates on
firefox. In fact, pending updates, I already downloaded and am using
the mozilla.org tarball. I highly value having a secure browser, so
am willing to spend the extra time making it fit into sarge.
I'm not sure I agree that taking the whole version update from moz.org
is less desirable than just incorporating the security updates into a
"frozen" browser feature package. After all, if your smart enough to
install debian, you're smart enough to learn any new browser features
I for one am currently developing an application, which was *almost*
written as an XML interface using firefox, I would *not* be happy if the
API of Debian Firefox was changing underneath me. How many times would
it change? What notice would I get? How many times and how often would I
have to re-code my app just to keep it working? Isn't the whole point of
Debian stable that it is after all, stable?
And if an exception can be made for new releases of Firefox into stable
why can't it also be made for openoffice, gnome, pdnsd, gcc and any
other of the thousands of packages in debian?
This situation AFAICS is because Mozilla.org do not release security
patch/fixes, they release whole new versions of software with many
changes which are not related to security. It makes it very difficult
(impossible?) to keep a single version of firefox running over any
significant period of time.
That said, I also appreciate that firefox is moving pretty quickly (in
this stage of it's life cycle) and there are improvements all the time
(which I like to use). And what of firefox extensions? If Debian Sarge
lasts for two years is there any change that any extensions will be able
to work with it any more?
It's a pretty tricky situation :-)