On Sat, Mar 19, 2016 at 01:45:49AM +0900, Mike Hommey wrote: > On Fri, Mar 18, 2016 at 05:23:21PM +0200, Henri Sivonen wrote: > > You say you don't see #5 happening. Do you see #4 happening? If not, > > what do you see happening? > > At this point, I'm wondering if the best outcome wouldn't be 6) Distros > die. I'm almost not joking. > > > > LTS distros do update Firefox because there is no way they can support > > > security updates on older releases (I've done it with 3.5 long enough to > > > know it's not tractable). But they do it once a year (at every ESR bump), > > > not every 6 weeks. > > > > This is not the case for Ubuntu LTS. Even Ubuntu 12.04 gets a new > > Firefox release every six weeks, and there is a package gcc-mozilla > > that backports a GCC newer than the original GCC in 12.04 as a build > > dependency: > > http://archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_45.0+build2-0ubuntu0.12.04.1.dsc > > > > So, clearly, at least in the case of Ubuntu, there is precedent for 1) > > updating Firefox every six weeks in LTS and 2) the Firefox package > > having a build dependency on a compiler that's newer than the > > compilers that originally shipped with the LTS system release. > > > > When I started this thread, I thought the s/IceWeasel/Firefox/ change > > in Debian involved Debian starting to ship Firefox the way Ubuntu > > does. For clarity: Is that not the case and Debian will only ship ESR > > but an ESR that's within Mozilla's support period? I can see how > > shipping ESR is the closest approximation of compliance with a policy > > to ship outdated software, but how does ESR address Debian's package > > dependency issues? If the next ESR requires a compiler that's not in > > the current Debian stable, what then? > > > > Looking at > > https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#browser-security > > , it seems that Debian users get a more up-to-date Blink than Gecko. > > If that policy is any indication, if ESR didn't exist, Gecko would get > > the same deal as Blink... In other words, it looks like Debian > > penalizes Gecko relative to Blink because ESR exists. :-( > > Well, at some point Blink wasn't even in stable. I'm actually surprised > that it is now. But as a matter of fact, Debian's old stable is not > receiving Blink/Chromium updates (it's stuck on 37), while it receives > updates for Iceweasel (it has 38.7 as or writing, will receive 38.8, and > 45.2 after that)
Note that this is why Blink/Chromium can get away with very frequent updates in stable and not Iceweasel/Firefox: $ grep-dctrl -sPackage -FDepends chromium --and --not -FSource chromium-browser /var/lib/apt/lists/ftp.jp.debian.org_debian_dists_jessie_main_binary-amd64_Packages | wc -l 2 (one is http://chromium-bsu.sourceforge.net/, the other is mozplugger, which... sounds like a mistake... I think it's an NPAPI plugin) $ grep-dctrl -sPackage -FDepends iceweasel --and --not -FSource iceweasel /var/lib/apt/lists/ftp.jp.debian.org_debian_dists_jessie_main_binary-amd64_Packages | wc -l 64 Iceweasel/Firefox is part of an ecosystem. Mike _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
