From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2E9531581D8 for ; Thu, 5 Dec 2024 00:00:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 69302E08D6; Thu, 5 Dec 2024 00:00:02 +0000 (UTC) Received: from rusty.tulip.relay.mailchannels.net (rusty.tulip.relay.mailchannels.net [23.83.218.252]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4A477E08C4 for ; Wed, 4 Dec 2024 23:59:59 +0000 (UTC) X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 91B9280CF9 for ; Wed, 4 Dec 2024 23:59:58 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1733356798; a=rsa-sha256; cv=none; b=57rJ90c3HdXWAkYJu02cDLV97yKYVv7Oezn1YIkyjOqnpF9rr85/q8RG9wQ/s3JI0beALC rnaJixhs+mCvog11iQagWrZ3kf/+IZeobygMAc1MgqOHeeBa1Dm0GMozFJt27f7V4rljwr 4Z9FqX+dycHFV8TJbIYtxRYQumDb1ArPICnGTGXRlllGfnNLnhUOYjqesHiMIvD5pTqk5u +xdSodL43Q40tPS6UyHmXQgbC+wwFx6p5ShkZX/LcH1GwEY/ckWg+HkkBGWK6pmMZeXBbJ VP+BY0G8/s89fA0cRtkewQHutmXZXyNLvzRvX1KDUIaJZdb253WabW0OoyBUSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1733356798; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references; bh=I4RyrFoC9yhhHn4qNz9KsqOM1aeqR6nHTy7dQXDBW/M=; b=dZxvMCCxtBbiureNjVpKqqgQkhxhy27bY3eLjxbp9gm6vPHx4t7SRL1pbcnHVT6SgHpN3z FUsPiblewml/zF4oxkzYNA4mag0ey2ygOr8afySicugpkMLtd0BEFKy2IQvoNnX5ouDzCv da9GX/0dzg4zIVsJFnDBAZqC1HIElDwhW9l3vDQYPBoXlHrpqvTfXikjhFCS15xT0iz/4i GBl54ESS8x0ykqNDqHL0/xxgAKNeQ9zDVacEmFK+AYdT6LYlyaTyvIdw9cz8Msl4os6Jfh Rvbynm8afPDhZm3G2wiF9W4EBOWe1No4PZfgZVCSbaSl0T+alEOumCMhJ3QJuQ== ARC-Authentication-Results: i=1; rspamd-fc7fd4597-zn48l; auth=pass smtp.auth=thundermail smtp.mailfrom=confabulate@kintzios.com X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com X-MC-Relay: Neutral X-MailChannels-SenderId: thundermail|x-authsender|confabulate@kintzios.com X-MailChannels-Auth-Id: thundermail X-Gusty-Thoughtful: 1320eae45c52bdc1_1733356798227_1675935467 X-MC-Loop-Signature: 1733356798227:1282344155 X-MC-Ingress-Time: 1733356798227 Received: from mailclean11.thundermail.uk (mailclean11.thundermail.uk [149.255.60.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.122.179.101 (trex/7.0.2); Wed, 04 Dec 2024 23:59:58 +0000 Received: from cloud238.thundercloud.uk (cloud238.thundercloud.uk [149.255.62.116]) by mailclean11.thundermail.uk (Postfix) with ESMTPS id CD6661E0002 for ; Wed, 4 Dec 2024 23:59:55 +0000 (GMT) Authentication-Results: cloud238.thundercloud.uk; spf=pass (sender IP is 217.169.3.230) smtp.mailfrom=confabulate@kintzios.com smtp.helo=rogueboard.localnet Received-SPF: pass (cloud238.thundercloud.uk: connection is authenticated) From: Michael To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Package "www-client/firefox" Date: Wed, 04 Dec 2024 23:59:36 +0000 Message-ID: <46853104.fMDQidcC6G@rogueboard> In-Reply-To: References: <675068a0.7b0a0220.30e30f.7bd5@mx.google.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2219361.Icojqenx9y"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-PPP-Message-ID: <173335679494.2312204.8614695511891632240@cloud238.thundercloud.uk> X-PPP-Vhost: kintzios.com X-Spamd-Result: default: False [-1.51 / 999.00]; SIGNED_PGP(-2.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]; DMARC_POLICY_ALLOW(0.00)[kintzios.com,none]; FROM_HAS_DN(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; REPLYTO_DOM_NEQ_TO_DOM(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:34931, ipnet:149.255.60.0/22, country:GB]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_DN_NONE(0.00)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; PREVIOUSLY_DELIVERED(0.00)[gentoo-user@lists.gentoo.org]; R_DKIM_NA(0.00)[]; NEURAL_HAM(-0.00)[-0.999]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(0.00)[+mx]; HAS_REPLYTO(0.00)[confabulate@kintzios.com] X-Rspamd-Queue-Id: CD6661E0002 X-Rspamd-Action: no action X-Rspamd-Server: mailclean11 X-Archives-Salt: b35c2cda-b727-4058-8aca-f4fa4ee6e413 X-Archives-Hash: c733ffb61aa32b11e18850284e8f22d4 --nextPart2219361.Icojqenx9y Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8"; protected-headers="v1" From: Michael To: gentoo-user@lists.gentoo.org Reply-To: confabulate@kintzios.com Subject: Re: [gentoo-user] Package "www-client/firefox" Date: Wed, 04 Dec 2024 23:59:36 +0000 Message-ID: <46853104.fMDQidcC6G@rogueboard> In-Reply-To: MIME-Version: 1.0 On Wednesday 4 December 2024 23:25:42 GMT Matt Jolly wrote: > Hi Rainer, > > On 5/12/24 00:35, Dr Rainer Woitok wrote: > > So which slot should I choose? Any opinions out there? > > I can't speak for Firefox, but I do maintain Chromium which is similar > enough in terms of being a browser with a fast release cycle and several > channels. > > I recommend keeping your browser as up-to-date as possible. The `rapid` > channel for Firefox may result in more frequent updates for you as > an end-user, but it always includes the latest fixes (and features) > > That's not saying that ESR is likely to be vulnerable, but the fixes > going into ESR are going to be backported from the rapid and development > channels. A lot of work goes into ensuring that these backports are done > in a timely manner, but it's not beyondthe realm of possibility for one > to be missed, or announced and fixed in rapid but not in ESR leaving > those users vulnerable. > > IMO if you're not an enterprise you should be running rapid. If you are > an enterprise you have your own requirements to think about, but you > should probably also be running rapid. > > In Chromium terms, I often run the beta (or dev) channels, as I know > that security fixes for the stable channel are implemented in dev > and backported from there. > > I hope that helps, I need to run and get breakfast. > > Cheers, > > Matt Thanks for your informed input. What would say is the time lag between some vulnerability announced in a browser before backporting takes place? I've been thinking the latest dev release may have patched some old(er) vulnerability, while at the same time introducing one or two new zero-day horrors. Thinking about it, would you know how far out of kilter is Falkon with respect to vulnerabilities? I noticed enotices mention Falkon is essentially out of date and some websites may break, but couldn't decide if this meant it should not be used unless you've a penchant for retro-software. PS. As an alternative to Firefox the OP could consider the overlay for Librewolf/librewolf-bin: https://librewolf.net/ https://codeberg.org/librewolf/gentoo.git Its releases are more frequent than the Firefox-ESR, but I don't know if they are in sync with Firefox rapid. --nextPart2219361.Icojqenx9y Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmdQ7OgACgkQseqq9sKV ZxmxoRAA3NETUfLq6r3qPWc0l3ab0d+Z0yqEvzFtrZATZ9v0kHQ8OJQUiIEAfK3N iX2+SsDD4zi5RH3OyJyrUp2L0nCusVpqZcT8M3B4G3BQWZiOVy200S01fXfngvVT GVgD29i4s3k43qhtPdDSXVAsLivpS1UvfLOOlX1Ldxr4a/B883TzhBO57Do3yuTv tsVQ6yfendklJRvqJlPUFYgJ6gWMYODMM9moHXQYmUPMyU1uDofcgFuGZgHJG5em YbnkGxtk+u7yogoTXeOwjgyami10ylQdCu2DTiFl9iu0XNG2gdJYOlkObgCTT3xK iJ0f5McBOgqhoxKDP9nm3XrDRfZlI3wlsJFsN6yKoqWj5RprfQ/+uUf64p2NeOlA 4LXqOIN1iBxYusCaHnJqDwRbGpWKk8XDSO39dAmsbBn6kzgyyGAYSo0O7t1T2BhM GI7QL98npwdeia59EGiwnHS71M/BxIjp9itRy6EoWmVeGcjmxJJWuRETgtvufRWk XSWVY+YVC/qJWRxXBiBfyKYBWh9RAGhTya4w6oWF9pY8DZX8ROnaR1NVRWAvpA5A MS19X7wGP5dj7+i/LhrwK+JsVeUI1YkCdVB/c/d/z7Zhr7rBXMqHyFnYXc8rFXR2 CsC3aLml1lcFVIa6X2mWUfQHzTTGtG9X+viQ/6bQInMx03mA3Vs= =edfv -----END PGP SIGNATURE----- --nextPart2219361.Icojqenx9y--