| 1 |
Rich Freeman posted on Wed, 21 Sep 2011 12:10:27 -0400 as excerpted: |
| 2 |
|
| 3 |
> Plus at least with firefox the old versions don't suddenly stop |
| 4 |
> working/etc, assuming they still get upstream security notices. |
| 5 |
|
| 6 |
That's the thing. AFAIK, they don't. FF4 is still getting them I |
| 7 |
believe, due to longer term commitments made there, but from FF5 onward, |
| 8 |
no. The upstream policy is that with rare urgent (0-day) exceptions like |
| 9 |
the recent bump for SSL certs invalidation that necessitate a mid-cycle |
| 10 |
bump, updates will be to the next major version. Thus, once a new major |
| 11 |
version is out, previous versions are already considered vulnerable by |
| 12 |
definition and no further notices are given. |
| 13 |
|
| 14 |
In fact, there has even been discussion of removing the numeric version |
| 15 |
info from the about box, etc. It would say something like either "You |
| 16 |
are running the latest version" or "Updates are available and you are |
| 17 |
urged to upgrade", that's it. However, from the coverage I've read, the |
| 18 |
current release manager, at least, decided that numeric version info |
| 19 |
would remain available. (Partly, that was due to already getting push- |
| 20 |
back on the 6-week-cycle and given that, someone having at least enough |
| 21 |
sanity not to push it all the way to binary current/not-current.) |
| 22 |
|
| 23 |
So yes, either current stable policy will need to change, or Gentoo might |
| 24 |
as well give up on a stable firefox. It's as if they're deliberately |
| 25 |
forcing the issue, strongly encouraging distros and their users to simply |
| 26 |
give up on distro versions entirely, and go direct-upstream-sourced pre- |
| 27 |
compiled binaries. I guess that's one way to solve the bundled library |
| 28 |
and patches vs. trademarks issues! =:^( (Of course, firefox is more or |
| 29 |
less being pushed into it since chrome with its extremely similar |
| 30 |
policies, is eating their lunch ATM, thus all these chrome-clone policy |
| 31 |
changes. Unfortunately, most of the world is still proprietary, and |
| 32 |
that's SOP in the proprietary world.) |
| 33 |
|
| 34 |
... And I don't have a clue when the scheduled cutoff is, but ff4 won't |
| 35 |
be supported forever. |
| 36 |
|
| 37 |
-- |
| 38 |
Duncan - List replies preferred. No HTML msgs. |
| 39 |
"Every nonfree program has a lord, a master -- |
| 40 |
and if you use the program, he is your master." Richard Stallman |
Archives