[Novalug] Firefox versioning

Richard Ertel richard.ertel@gmail.com
Wed Dec 16 12:27:18 EST 2009


@Dan: that *is* what i said when i suggested installing the
'firefox-3.5' package. the point is, the 'firefox' package and the
'firefox-3.5' package contain different versions (obviously, hence the
need for -3.5, right?). most users don't know that package exists.
they only know that they are "stuck" (for all they know) with firefox
3.0.x

this is one of my gripes with Ubuntu, and why i wish that Arch was
easier to get configured quickly. or maybe i just want a
rolling-release Ubuntu...

On Wed, Dec 16, 2009 at 11:55, Bryan J. Smith <b.j.smith@ieee.org> wrote:
> [ Posting this to the list ]
>
> Red Hat - Backporting of Security Fixes:
>  http://www.redhat.com/security/updates/backporting/
>
> Anything and everything you've _ever_ wanted to know on how
> Red Hat platform (e.g., Enterprise Linux), middleware (e.g., JBoss),
> etc... products when it comes to security updates (definitely note the
> various pages on the left bar):
>  http://www.redhat.com/security/updates/
>
> Application Binary Interface (ABI) compatibility is the ultimate consideration
> for Red Hat in the platform -- Enterprise Linux (EL).  Red Hat extensively
> tests and regression tests even security fixes before release, hence why
> Red Hat may not be the absolutely quickest with a security errata by a
> few hours (for those that like to brag they are).  At the same time, I've seen
> a lot of "booms" for non-EL (or EL rebuilds) because they don't.  Ensuring
> customers can update without breakage, regressions or other issues is
> just as important as the security fix itself.  I know of one major distributor that
> failed to become a standard server OS at Dell because of this during Dell's
> testing to make it a peer to Novell and Red Hat offerings a couple years ago.
>
> In the case of Firefox, Red Hat _skipped_ Firefox 2.0.x completely.
> It shipped Firefox 1.5.x and _only_ rebased to Firefox 3.0.x with
> Enterprise Linux (EL) release 4 update 7 (EL4.7) and release 5 update
> 2 (EL5.2) IIRC.  Red Hat avoids rebasing as much as possible with it's
> EL releases, so don't expect any rebate to Firefox 3.5.x.  Red Hat will
> handling it's own backports, sometimes even after Mozilla has not merely
> deprecated the release, but no longer supports it -- depending on various
> factors.  Firefox 2.0.x was skipped for many reasons (including bugs), but
> a major reason Firefox 3.0.x was adopted was to segment XULRunner
> from Firefox (so GNOME would only have a dependency on XULRunner,
> not all of Firefox).
>
> I know first-hand that changes in Firefox 3.0.x profiles from Firefox 1.5.x
> caused a few headaches for a few customers.  Red Hat notified and
> tested with early adopters with the assumption that standard desktops would
> require changes in their mandatory, default and/or user prefs.js with the
> rebasing -- and did this for over a year before the rebase was done.   Hence
> why, again, rebasing is avoided at all costs.  Red Hat is heavily funded by
> subscriptions because it avoids these issues - it's customers pay for that
> sustaining engineering and related testing and regression avoidance.  The
> great majority of customers were prepared.  Others that did not heed the
> warnings had major headaches (and, in general, were not following all the
> notifications that were sent out, the early adopter channel for testing, etc...).
>
> Introducing Firefox 3.5.x would be as bad of an idea as Firefox 2.0.x for
> EL4 and EL5 at this time.  Mozilla is still supporting and updating Firefox
> 3.0.x as well, so there is no reason to put customers through another rebase.
>
> -- Bryan
>
> P.S.  If you really want Firefox 3.5.x, then grab the tarball, install it in
> /usr/local/lib/firefox-(ver).  Then apply your SELinux security contents
> using the system's Firefox 3.0.x tree as a reference (chcon --reference=).
> That's what I do if I really need Firefox 3.5.x features.  I also use it to run
> the old Firefox 1.5.x release for compatibility with some web app servers.
> There were a few security (and other) changes in Javascript in FF 3+.
>
>
>  --
> Bryan J  Smith           Professional, Technical Annoyance
> Linked Profile:         http://www.linkedin.com/in/bjsmith
> ----------------------------------------------------------
> Red Hat:  That 'other' American software company built on
> open customer selection of options and value, instead of
> controlled distribution channels of forced bundle and lock
>
>
>
> ----- Original Message ----
> From: Megan Larko <larkoc@iges.org>
> To: NOVALUG <novalug@calypso2.tux.org>
> Sent: Wed, December 16, 2009 11:10:54 AM
> Subject: [Novalug] Firefox versioning
>
> Hello List,
>
> I am curious again about software package version numbers.   I recall from past experience that
> sometimes security patches and bug fixes are put into software packages which may use a slightly
> different version number than the main software host site (usually for downloads and installs from a
> source tarball, for example).    My curiousity was piqued by a Windows Vista set of patches for the
> Firefox web browser (the patches are invoked from the firefox setting to notify the user of new
> patches) which reflect the firefox software version on the http://www.mozilla.com website using
> version number 3.5.6.     Looking at the patch information, some of the patches seem to be a very
> good idea.    I set myself to upgrading firefox on my CentOS 5.3 and Ubuntu 9.04 Jaunty systems.
> Both of the two latter systems indicate that they are current on firefox software version via yum
> for CentOS and wajig for Ubuntu.   The firefox version for those two systems is 3.0.15-3 (CentOS)
> and 3.0.15 (Ubuntu 9.04).
>
> My understanding is that 3.5.6 is a major version modification from 3.0.15 (based on my limited
> understanding of the significance of the second digit in a version number).
>
> Finally my question:  Do I need to uninstall firefox linux package to get the 3.5.x series or are
> there linux version number events going on to keep the deps in line?
>
> Cheers!
> megan
>
> Ubuntu 9.04 sample:
> larkoc@larkoc-Ubuntu:~$ firefox --version
> Mozilla Firefox 3.0.15, Copyright (c) 1998 - 2009 mozilla.org
> larkoc@larkoc-Ubuntu:~$ sudo wajig upgrade firefox
> [sudo] password for larkoc:
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> firefox is already the newest version.
> The following packages were automatically installed and are no longer required:
>   libdns45
> Use 'apt-get autoremove' to remove them.
> 0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
> larkoc@larkoc-Ubuntu:~$ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=9.04
> DISTRIB_CODENAME=jaunty
> DISTRIB_DESCRIPTION="Ubuntu 9.04"
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>



More information about the Novalug mailing list