Results 1 to 8 of 8

Thread: What's the reasoning behind openSUSE's Firefox updates policy?

  1. #1

    Question What's the reasoning behind openSUSE's Firefox updates policy?

    So my Firefox was updated today today via the official openSUSE update applet. Upon restarting Firefox, I was greeted with the usual message:

    "Youre now running Firefox x.x.xx
    For security reasons, we recommend downloading the latest and greatest version."

    Which brings me to the question I always wanted to asked but never did - Why isn't openSUSE pushing the latest and greatest versions of Firefox?

    I understand not using the bleeding edge versions for stability/compatibility reasons, but atleast how about a version that's a couple of revisions old, instead of an entire branch?

    Is Mozilla wrong in assuming the latest and greatest version is best for security?
    Does openSUSE believe in stability and compatibility first, over security?
    Is Firefox such a critical component of the system that it's not feasible to test and push the latest versions, for the fear of breaking many dependent components?

    Or is there some policy of reserving branch changes for new versions of openSUSE? (11.1 - 3.0.4, 11.2 - 3.5, 11.3 - 3.6?) If so, why?

    Just curious as to what's the official answer, that's all. Of course, also looking forward for discussions as to what's *your* opinion and practice regarding using the latest version, or sticking with the official repo versions.



    (Btw, yes I know I can manually update to the latest version or automate it by adding the necessary repos, and it's as easy as eating pie, but that's not my question. :) Also, I understand why things like the kernel, desktop environment/WM etc aren't the latest versions... but why Firefox?)

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    Same reason as with other apps, the app version that was shipped with the distro release is the one that will continue to be updated. Whether this is too conservative wrt a web browser is debatable. Other distros are less reticent.

    Note that the 3.5 series is still maintained by Mozilla and still receives security fixes. However as 3.0 is no longer maintained, on 11.1 the version of Firefox was bumped to 3.5. Probably something similar has to be done if/when 3.5 is retired during the lifetime of 11.2, or 3.6 during the lifetime of 11.3.

    PS: I'm not a dev or anybody official, these just are my observations.

  3. #3
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    1,376

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    Many people add the Mozilla repo from the Build Service. It's reliably stable and current. Otherwise, as Ken points out, the official repo keeps up to date with security patches.

  4. #4

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    Thanks for your answers, but my original question(s) still remain unanswered. I understand that the 3.5 branch is still being maintained by Mozilla, but it still doesn't include some of the new security features/fixes found in the 3.6 branch, for example, protection from out-of-date plugins. Why does openSUSE think these features aren't important enough to upgrade?

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,079

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    On Sat, 10 Jul 2010 04:36:01 +0000, dextermanas wrote:

    > Why does openSUSE
    > think these features aren't important enough to upgrade?


    Stability trumps features. The reason that no package is upgraded to the
    next major/minor release is primarily for stability and ease of testing.

    When most software goes through a major or minor release, there's a need
    to test for dependency breakage. Staying with the same version reduces
    the amount of testing needed because the dependencies aren't going to
    change.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator

  6. #6
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    dextermanas wrote:
    > -(btw, yes i know i can manually update to the latest version or
    > automate it by adding the necessary repos, and it's as easy as eating
    > pie, but that's not my question.


    but that IS the question you asking!

    it is simple for YOU to have the newest of the new firefox and at the
    same time it is simple for the community to NOT push *every* user
    (many of whom do NOT want to risk new bugs in new code) into having
    the newest of the new by just not moving it into the basic repo..

    doing it that way allows all users to have it the way they want...easy
    as pie..

    --
    Enjoy Packman's benefits? Show your appreciation by donating at
    http://se.unixheads.org/?donate

    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  7. #7
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    Quote Originally Posted by dextermanas View Post
    Thanks for your answers, but my original question(s) still remain unanswered. I understand that the 3.5 branch is still being maintained by Mozilla, but it still doesn't include some of the new security features/fixes found in the 3.6 branch, for example, protection from out-of-date plugins. Why does openSUSE think these features aren't important enough to upgrade?
    But Mozilla doesn't think the risk is significant enough to either backport this feature to 3.5, or to deprecate 3.5 and force people to move to 3.6, so in due course when 4.0 comes out, 3.5 will go out of support. There is no such thing as zero-risk, it's always a tradeoff against effort, and openSUSE devs have weighed the pros and cons and made a decision one way.

    So the answer remains, obviously you disagree, but if is important enough to you, you can upgrade. As I said this is a grey area and value judgements differ.

  8. #8

    Default Re: What's the reasoning behind openSUSE's Firefox updates policy?

    Another thing to keep in mind latest does not always mean greatest, its been bugging me since 3.0 that mozilla treats each minor point update as the greatest.
    Sure it might bring you security fixes but stability might be another issue
    https://features.opensuse.org/308357

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •