List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Duncan <1i5t5.duncan@...>
Subject: Re: [RFC] How do we handle stabilisations of not-exactly-maintained packages
Date: Wed, 21 Sep 2011 16:51:09 +0000 (UTC)
Rich Freeman posted on Wed, 21 Sep 2011 12:10:27 -0400 as excerpted:

> Plus at least with firefox the old versions don't suddenly stop
> working/etc, assuming they still get upstream security notices.

That's the thing.  AFAIK, they don't.  FF4 is still getting them I 
believe, due to longer term commitments made there, but from FF5 onward, 
no.  The upstream policy is that with rare urgent (0-day) exceptions like 
the recent bump for SSL certs invalidation that necessitate a mid-cycle 
bump, updates will be to the next major version.  Thus, once a new major 
version is out, previous versions are already considered vulnerable by 
definition and no further notices are given.

In fact, there has even been discussion of removing the numeric version 
info from the about box, etc.  It would say something like either "You 
are running the latest version" or "Updates are available and you are 
urged to upgrade", that's it.  However, from the coverage I've read, the 
current release manager, at least, decided that numeric version info 
would remain available.  (Partly, that was due to already getting push-
back on the 6-week-cycle and given that, someone having at least enough 
sanity not to push it all the way to binary current/not-current.)

So yes, either current stable policy will need to change, or Gentoo might 
as well give up on a stable firefox.  It's as if they're deliberately 
forcing the issue, strongly encouraging distros and their users to simply 
give up on distro versions entirely, and go direct-upstream-sourced pre-
compiled binaries.  I guess that's one way to solve the bundled library 
and patches vs. trademarks issues! =:^(  (Of course, firefox is more or 
less being pushed into it since chrome with its extremely similar 
policies, is eating their lunch ATM, thus all these chrome-clone policy 
changes.  Unfortunately, most of the world is still proprietary, and 
that's SOP in the proprietary world.)

... And I don't have a clue when the scheduled cutoff is, but ff4 won't 
be supported forever.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.