Rich Freeman posted on Wed, 21 Sep 2011 12:10:27 -0400 as excerpted:

> Plus at least with firefox the old versions don't suddenly stop
> working/etc, assuming they still get upstream security notices.

That's the thing. AFAIK, they don't. FF4 is still getting them I
believe, due to longer term commitments made there, but from FF5 onward,
no. The upstream policy is that with rare urgent (0-day) exceptions like
the recent bump for SSL certs invalidation that necessitate a mid-cycle
bump, updates will be to the next major version. Thus, once a new major
version is out, previous versions are already considered vulnerable by
definition and no further notices are given.

In fact, there has even been discussion of removing the numeric version
info from the about box, etc. It would say something like either "You
are running the latest version" or "Updates are available and you are
urged to upgrade", that's it. However, from the coverage I've read, the
current release manager, at least, decided that numeric version info
would remain available. (Partly, that was due to already getting
push-back on the 6-week-cycle and given that, someone having at least
enough sanity not to push it all the way to binary current/not-current.)

So yes, either current stable policy will need to change, or Gentoo might
as well give up on a stable firefox. It's as if they're deliberately
forcing the issue, strongly encouraging distros and their users to simply
give up on distro versions entirely, and go direct-upstream-sourced
pre-compiled binaries. I guess that's one way to solve the bundled library
and patches vs. trademarks issues! =:^( (Of course, firefox is more or
less being pushed into it since chrome with its extremely similar
policies, is eating their lunch ATM, thus all these chrome-clone policy
changes. Unfortunately, most of the world is still proprietary, and
that's SOP in the proprietary world.)

... And I don't have a clue when the scheduled cutoff is, but ff4 won't
be supported forever.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman