On Wednesday 4 December 2024 23:25:42 GMT Matt Jolly wrote: > Hi Rainer, > > On 5/12/24 00:35, Dr Rainer Woitok wrote: > > So which slot should I choose? Any opinions out there? > > I can't speak for Firefox, but I do maintain Chromium which is similar > enough in terms of being a browser with a fast release cycle and several > channels. > > I recommend keeping your browser as up-to-date as possible. The `rapid` > channel for Firefox may result in more frequent updates for you as > an end-user, but it always includes the latest fixes (and features) > > That's not saying that ESR is likely to be vulnerable, but the fixes > going into ESR are going to be backported from the rapid and development > channels. A lot of work goes into ensuring that these backports are done > in a timely manner, but it's not beyondthe realm of possibility for one > to be missed, or announced and fixed in rapid but not in ESR leaving > those users vulnerable. > > IMO if you're not an enterprise you should be running rapid. If you are > an enterprise you have your own requirements to think about, but you > should probably also be running rapid. > > In Chromium terms, I often run the beta (or dev) channels, as I know > that security fixes for the stable channel are implemented in dev > and backported from there. > > I hope that helps, I need to run and get breakfast. > > Cheers, > > Matt
Thanks for your informed input. What would say is the time lag between some vulnerability announced in a browser before backporting takes place? I've been thinking the latest dev release may have patched some old(er) vulnerability, while at the same time introducing one or two new zero-day horrors. Thinking about it, would you know how far out of kilter is Falkon with respect to vulnerabilities? I noticed enotices mention Falkon is essentially out of date and some websites may break, but couldn't decide if this meant it should not be used unless you've a penchant for retro-software. PS. As an alternative to Firefox the OP could consider the overlay for Librewolf/librewolf-bin: https://librewolf.net/ https://codeberg.org/librewolf/gentoo.git Its releases are more frequent than the Firefox-ESR, but I don't know if they are in sync with Firefox rapid.
signature.asc
Description: This is a digitally signed message part.
