Re: Firefox non-ESR update needed

To: debian-user@lists.debian.org
Subject: Re: Firefox non-ESR update needed
From: Andrei POPESCU <andreimpopescu@gmail.com>
Date: Wed, 8 Jul 2020 08:16:08 +0300
Message-id: <[🔎] 20200708051608.6uc5bihi66h5jgke@acr13.nuvreauspam>
In-reply-to: <[🔎] d51b617d-0d8b-92c8-7436-6f5264be6571@extremeground.com>
References: <[🔎] 5cecbcdb-b6ea-a9eb-a187-3139ca07bed4@extremeground.com> <[🔎] f7b98e8f-7ba4-5c64-0cb0-95a6cc2708cf@gmail.com> <[🔎] a7a4c9ab-9117-d84c-8e4a-d82d3e4270d2@extremeground.com> <[🔎] 20200707065550.oniwq4zfiyoxmvj4@acr13.nuvreauspam> <[🔎] 5730a3c1-2398-4e5a-b8c7-22a43f30f22e@extremeground.com> <[🔎] 20200707135754.GI22833@eeg.ccf.org> <[🔎] d51b617d-0d8b-92c8-7436-6f5264be6571@extremeground.com>

On Ma, 07 iul 20, 16:28:16, Gary Dale wrote:
> 
> The package maintainers are who make packages stable, not the product
> developers.

Hmm...

> There is nothing to prevent a none-esr version of Firefox from making it
> into stable.

For the particular software named "Firefox" there is. It's Mozilla's 
trademark policy (remember Iceweasel?).

> The maintainers just need to install the bug fix patches
> created to fix the bugs in that particular version. This is exactly what
> they do when significant bugs are found in the stable version of any package
> (in fact, a significant security bug was patched in Stretch/Stable a couple
> of years back that broke things. I had to hold the package back until Buster
> became the new Stable).

Providing security support to software for ~3 years (2 in stable, and 1 
in oldstable) without upstream's cooperation is difficult. For a complex 
and exposed software like Firefox even more so (remember the OpenSSH 
keys issue?). 

> I agree that Mozilla's decision to abandon reasonable numbering is a
> problem. But the esr release is a year old at this point and will be even
> older by the time Bullseye becomes stable.

In my opinion the introduction of the ESR release by Mozilla was a big 
gain for all those who prefer to use the same software for significant 
periods of time (years rather than months) and is a must for any big 
organisation (think 100s or 1000s of users contacting the company IT 
support at every change of browser version).

> The other issue is what's the point of a non-esr package in SID if it's not
> going to make it down to Testing then Stable? Version 78 is the next esr
> release anyway, so why put the non-esr edition in SID?

For sid users, of course ;)

> Anyway, I run the esr version normally, but having a significantly newer
> version available for those who want it doesn't seem like a bad thing. I
> remember not too long ago when Stable had two versions of Scribus...

Sure, feel free to offer your support to the Firefox packaging team 
(err... person?), after you convinced Mozilla to change their trademark 
policy.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Firefox non-ESR update needed
  - From: Gary Dale <gary@extremeground.com>
- Re: Firefox non-ESR update needed
  - From: Bob Weber <bobrweber@gmail.com>
- Re: Firefox non-ESR update needed
  - From: Gary Dale <gary@extremeground.com>
- Re: Firefox non-ESR update needed
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: Firefox non-ESR update needed
  - From: Gary Dale <gary@extremeground.com>
- Re: Firefox non-ESR update needed
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Firefox non-ESR update needed
  - From: Gary Dale <gary@extremeground.com>

Prev by Date: Re: Thunderbird replacement suggestions?
Next by Date: Re: How To Permanently Add-to a Users PATH Statement in the Bash Shell
Previous by thread: Re: Firefox non-ESR update needed
Next by thread: HP z820 workstation Soundcard?
Index(es):
- Date
- Thread