
Re: Recommended method to install Firefox 3.6 in Lenny (64 bits)



On Fri, Jan 22, 2010 at 09:21:55PM +0100, Sven Joachim wrote:
> On 2010-01-22 21:17 +0100, Boyd Stephen Smith Jr. wrote:
> 
> > From what I understand, the debian-security guys will still backport fixes to 
> > iceweasel in Lenny as needed until security support is terminated for Lenny.
> 
> Not really, actually security support for Iceweasel could end rather
> soon.
> 
> http://www.debian.org/releases/lenny/i386/release-notes/ch-information.en.html#mozilla-security
> 

I'm concerned about the way this is handled.  I understand that
continuing support in Debian once upstream support has stopped may be
infeasible, but is ceasing support while offering no alternatives (and
not much warning) really the best solution?

I'll confess that I never read the release notes until now, but I think
admins should get more warning about this issue.  In the release notes, 
"Your web browser will cease to get security updates" falls in between a
notice that "NetworkManager doesn't play nice with NIS" and "There are
no huge changes in the KDE Desktop".  An internet app w/o security
updates seems vastly more important than the issues that surround it in
the release notes.

At the very least what I would have liked to see was an update to
Iceweasel that doesn't actually update the software, but issues a
warning to the admin that security updates have ceased.  One step better
would be to include a supported version of Iceweasel in Lenny main.  I
know it's against Debian policy to add new versions during a stable
release.  But isn't it also Debian policy to provide security updates for
the life of the release?  (I may be assuming that last bit, but I hope
not).

Anyway, I've now installed Iceweasel 3.5 from backports.  I just wish I
could have gotten it from the Debian main repo that I know and trust.
This is not a shot against the guys who run backports.org.  It's just
that I don't think backports is intended to be a substitute for
security.debian.org.

-Rob

