On Thu, Dec 09, 2021 at 04:37:18PM +0000, Tixy wrote: > On Thu, 2021-12-09 at 14:18 +0000, piorunz wrote: > > On 09/12/2021 12:47, Georgi Naplatanov wrote: > > > > > Hey Piotr, > > > > > > a new release of Firefox ESR was uploaded to Sid two days ago and > > > probably will be uploaded to stable soon. > > > > > > https://buildd.debian.org/status/package.php?p=firefox-esr&suite=sid > > > > ESR 91 was first uploaded to sid in November. It didn't migrated to > > Testing, or Stable, due to problems. Package tracker show some details: > > https://tracker.debian.org/pkg/firefox-esr > > > > There is a bug here: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001234 > > > > Rust compiler for Stable is not available? It means we have to continue > > to use outdated, vulnerable Firefox ESR until this is resolved? When it > > will be? > > Think it's more complicated than just a compiler [1] > > Thanks for bringing this to our attention. I've just installed ESR 91 > direct from Firefox, as it seems Debian are likely to leave us with an > insecure browser for a long time. Considering this was known about > before the last release, you would have thought we would have been > warned about it in the release notes, or through some other means. > > The only mention of Firefox in the release notes is... > > For general web browser use we recommend Firefox or Chromium. > They will be kept up-to-date by rebuilding the current ESR > releases for stable. > Work on this is nearing completion.
Please note that Mozilla is constantly updating to newer rustc and LLVM versions. That means that preparing a new major ESR release for Debian requires not just the packaging of the firefox-esr and thunderbird updates, but also some very complex toolchain components. Those components are usually already in unstable/testing, but for stable, oldstable, and LTS, the toolchain must be backported first. Regards, -Roberto -- Roberto C. Sánchez
