Security updates for Firefox 4 in F-15

Christoph Wickert christoph.wickert at googlemail.com
Sun Jun 26 19:33:25 UTC 2011 

Am Sonntag, den 26.06.2011, 13:25 -0300 schrieb Evandro Giovanini: 
> On Sun, Jun 26, 2011 at 1:01 PM, Christoph Wickert
> <christoph.wickert at googlemail.com> wrote:
> > Am Sonntag, den 26.06.2011, 17:08 +0200 schrieb Kevin Kofler:
> >> Felix Miata wrote:
> >> > FF5 is the security update to FF4.0.1, which incorporates an upstream
> >> > versioning policy change.
> >>
> >> The funny thing is that Firefox is going exactly the opposite way of us with
> >> their update policies,
> >
> > They didn't change their update policy but their release/development
> > model. FF 5 is an update to FF 4, but 3.6 got an update to 3.6.18, too.
> > This means that Mozilla's update policy hasn't changed.
> >
> >> and that as a result, that Firefox security update is
> >> not compliant with our update policies
> >
> > At what point exactly? Basically all that has changed is the version,
> > IHMO FF 5 can better be described as FF 4.1. The user experience hasn't
> > changed and the update meets all requirements of the update policy, so I
> > really don't see a problem here.
> >
> 
> Firefox 5 is not stable because it introduces new features. 

New features don't have anything to do with stability. It's the AI/ABI
and AFAIK nothing has changed in xulrunnner. All dependent packages
required a simple rebuild. We had these rebuilds with every single FF
update.

> The most
> visible example of this is users who had extensions stop working with
> Firefox 5.

This is most likely because the extensions expect a certain version
string but not because of API/ABI changes. 

> Firefox's policy has changed. In the past they supported a stable
> version for more than one day after the new release was out. 

What policy? The security policy? Firefox 3.6 is considered the previous
stable version and it is still supported. 

> They're
> not doing that anymore with Firefox 4, so users are forced to use the
> new features (and bugs) of a new release. It's a great policy if
> you're in a race to not lose mindshare from Chrome, it's not so great
> for the people who have Firefox deployed in stable environments.

Look, I never said I like the new version scheme. In fact I said that I
dislike it. The major version shouldn't have been bumped because is a
stable update, this means there are no API/ABI changes and no change in
configuration formats either. There are merely no changes and there is a
clean upgrade path, so I have no idea what problems in a stable
environment you are expecting.

And I have no idea what part of our update policy should be violated by
this update. Please somebody enlighten me.

Regards,
Christoph

More information about the devel mailing list