Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Desktop (http://www.linux-archive.org/ubuntu-desktop/)
-   -   Why don't we use Mozilla ESR in Precise? (http://www.linux-archive.org/ubuntu-desktop/629455-why-dont-we-use-mozilla-esr-precise.html)

Viktor Basso 02-06-2012 10:32 AM

Why don't we use Mozilla ESR in Precise?
 
On Mon 06 Feb 2012 12:23:37 PM CET, Petko wrote:

On 02/06/2012 12:14 PM, Viktor Basso wrote:

On 02/06/2012 10:22 AM, Jason Warner wrote:

Hi All -

Firefox ESR is indeed interesting, and it would seem to answer some
of the question corporations might have about Firefox, but I think
it is less interesting for Ubuntu.


Firefox adopted a rapid release model for various reasons, but among
them was that they needed the browser to keep up with the pace of
innovation on the internet. Ubuntu needs to be out in front of these
things and be pushing the very edge of what is possible,
particularly in the browser. I do not think we can ship a browser
that will lag by 12 months in any sense; the risks too far outweigh
the rewards.


I'm afraid that even a year lag (ESR update period) would put Ubuntu
at severe disadvantage to other platforms. Imagine a world where G+
or Facebook or some new whizbang product didn't work on Ubuntu
because the browser shipped didn't support some new
technology/javascript engine/platform component. That is neither
something we want nor can afford. We have to be better, we have to
be faster and we have to be braver.


The browser is among the chief components of the desktop that needs
to keep pace (or better) and I feel adopting Firefox ESR would be
the wrong choice for Ubuntu desktop.


Thanks,
Jason


On Sun, Feb 5, 2012 at 12:21 AM, Jo-Erlend Schinstad
<joerlend.schinstad@gmail.com <mailto:joerlend.schinstad@gmail.com>>
wrote:


In Precise we've upgraded to version 11 of both Firefox and
Thunderbird. But the reason for starting to upgrade frequently
was said to be that Mozillas support periods were limited for
newer versions after 3.6. But now we have the 10ESR versions of
both. Why are they not used instead of the short-term 11?

Thanks


I can agree that Ubuntu "needs to be out in front of these things".
But I do not believe that the Long Term Support releases should.



+1 on that . That's the actual difference between LTS and regular
releases - that LTS provides a stable environment (which always costs
being aback on the latest technologies ) . So there's the choice -
stable&a bit otdated or changing&latest . LTS should provide the first
(say with the option to upgrade to the latest version from the
repositories) .


Yes!
The LTS should be secure, stable and supported.
Not "better, faster, braver" as Jason pointed out.



--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Jo-Erlend Schinstad 02-06-2012 10:49 AM

Why don't we use Mozilla ESR in Precise?
 
On 06. feb. 2012 10:22, Jason Warner wrote:

Hi All -

Firefox ESR is indeed interesting, and it would seem to answer some of
the question corporations might have about Firefox, but I think it is
less interesting for Ubuntu.




You have to understand that my original post was not meant as a
proposal, but as an open question. If Ubuntu now prefers the rapid
release pace of Firefox and Thunderbird, then it doesn't bother me that
much. But it does represent a shift in strategy. 10.04 has used 3.6
until very recently when it became unsupported. The reason that was
given for not upgrading it, was the SRU process. The reason that was
given for starting to upgrade Firefox in a rapid pace afterwards, was
that Mozilla had changed their support strategy and that it wouldn't be
feasible to backport the necessary security patches to old versions. But
now, Mozilla has changed their support strategy again, making it
unnecessary to circumvent the norms.


Now this becomes a question of communication, which to me is the biggest
weakness Ubuntu has that we can do something about. If this is an active
decision, then I would be interested to know when it was made and why we
haven't heard anything about it. This is a significant shift, and though
I try to pay close attention to what's going on, it came as a complete
surprise to me. I looked for blueprints, but I couldn't find any;
https://blueprints.launchpad.net/ubuntu/precise?searchtext=firefox. It
is bad communication, and we need to improve. I really don't like those
surprises. I spend a fair amount of time writing articles and
participating in discussions, in an effort to reduce some of the
misunderstandings that will always be a part of FOSS. Because
development is high pace and developers doesn't always have time, or
even skills, to write comprehensible non-tech articles explaining why
and how. When things like that suddenly changes without notice, then it
can easily make what I write, wrong. In that case, my contributions,
instead of being a small part of a small solution, becomes a bigger part
of a big problem. I don't think I have to explain why that's demoralizing.


Consider documentation writers. You've spent a few hours writing some
paragraphs or pages explaining why Ubuntu doesn't use the newest version
of Firefox. You're satisfied that your explanation really does explain
and is comprehensible by anyone. That's not easy. It's hard work. So you
commit. Then translators begin working on it. And translating single
strings is not always that difficult, but translating an article, is.
You finish two months ahead of schedule.


But then someone makes a silent little decision, and instead of being
two months ahead, you're suddenly two years outdated. Bad communication
hurts both enthusiasm and the finished product. We need predictability.


As usual, this has become much longer than I had intended. Let me finish
by making a proposal. Let's use the ESR versions by default in LTS
versions of Ubuntu, and add a package called something like
firefox-fastpace for those who want that. This way, we don't disrupt the
stability and predictability that is so attractive to those who chooses
LTS versions, but also make it easy for those who do want to be on the
cutting edge of the browser developments. When upgrading from an LTS to
a non-LTS, the user should be asked if the ESR version should still be
used, or switch to the fast pace version.


Thanks for reading,

Jo-Erlend Schinstad







--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Jason Warner 02-06-2012 10:50 AM

Why don't we use Mozilla ESR in Precise?
 
On Mon, Feb 6, 2012 at 10:02 PM, Viktor Basso <viktor@basso.cc> wrote:


Yes!

The LTS should be secure, stable and supported. Not "better, faster, braver" as Jason pointed out.
And what if we could be both? ;) In fact, we can. By embracing Firefox proper rather than ESR, we are getting the current browser that will get security updates and thorough testing as well as being the most stable, secure and supported Firefox on the market. ESR, as noted by Mozilla [1], will not be the most secure, will not be the most updated and will note be the most supported. Additionally, we then get the updates to core components and offer a leading edge browser rather than on lagging by as many as 12 months. As I said earlier, ESR feels like too much risk for too little reward.*


* Jason
[1] -*https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks



Risks

The ESR will not have the benefit of large scale testing by nightly and beta groups.*As a result, the potential for the introduction of bugs which affect ESR users will be greater, and that risk needs to be understood and accepted by groups that deploy it. To help mitigate these risks, Mozilla will be asking organizations that deploy the ESR for assistance with testing alpha and/or beta builds of the ESR with their user base.

Over time, and ESR will be less secure than the regular release of Firefox, as new functionality will not be added at the same pace as Firefox, and only high-risk/impact security patches will be backported. It is important that organizations deploying this software understand and accept this.


--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Viktor Basso 02-06-2012 11:09 AM

Why don't we use Mozilla ESR in Precise?
 
On 02/06/2012 12:50 PM, Jason Warner wrote:




On Mon, Feb 6, 2012 at 10:02 PM, Viktor
Basso <viktor@basso.cc> wrote:


Yes!

The LTS should be secure, stable and supported. Not "better,
faster, braver" as Jason pointed out.




And what if we could be both? ;) In fact, we can. By
embracing Firefox proper rather than ESR, we are getting the
current browser that will get security updates and thorough
testing as well as being the most stable, secure and supported
Firefox on the market. ESR, as noted by Mozilla [1], will not be
the most secure, will not be the most updated and will note be
the most supported. Additionally, we then get the updates to
core components and offer a leading edge browser rather than on
lagging by as many as 12 months. As I said earlier, ESR feels
like too much risk for too little reward.*



* Jason



[1] -*https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks


Risks

The
ESR will not have the benefit of large scale testing by
nightly and beta groups.*As a result, the potential
for the introduction of bugs which affect ESR users will be
greater, and that risk needs to be understood and accepted
by groups that deploy it. To help mitigate these risks,
Mozilla will be asking organizations that deploy the ESR for
assistance with testing alpha and/or beta builds of the ESR
with their user base.
Over
time, and ESR will be less secure than the regular release
of Firefox, as new functionality will not be added at the
same pace as Firefox, and only high-risk/impact security
patches will be backported. It is important that
organizations deploying this software understand and accept
this.








Hmm, okay. You have won the battle for this time.

I will inform the Vulcan High Command of my defeat.



Double thanks,

Viktor Basso

"Tea Earl Grey Hot"



--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Alex Schoof 02-06-2012 01:00 PM

Why don't we use Mozilla ESR in Precise?
 
I disagree. If organizations (or individuals) want the latest and greatest, then they'll upgrade their ubuntu every 6 months and get the newest Firefox, unity, etc. The WHOLE POINT of an LTS release is that its a consistent, predictable platform where things won't just change out from under you.



If I'm an admin that rolls out 12.04 across my company, and make sure everything works, maybe write some custom tools against it, certify everything, and then one day while patching systems I see that the browser just got its version bumped? With zero warning, and no way to prevent it, my LTS systems all just had a major component jump by a major release. That is not cool.



I think we either need to hold major versions fixed, or reevaluate what "long term support " means.


Cheers,


Alex

On Feb 6, 2012 6:51 AM, "Jason Warner" <jason.warner@canonical.com> wrote:


On Mon, Feb 6, 2012 at 10:02 PM, Viktor Basso <viktor@basso.cc> wrote:



Yes!

The LTS should be secure, stable and supported. Not "better, faster, braver" as Jason pointed out.
And what if we could be both? ;) In fact, we can. By embracing Firefox proper rather than ESR, we are getting the current browser that will get security updates and thorough testing as well as being the most stable, secure and supported Firefox on the market. ESR, as noted by Mozilla [1], will not be the most secure, will not be the most updated and will note be the most supported. Additionally, we then get the updates to core components and offer a leading edge browser rather than on lagging by as many as 12 months. As I said earlier, ESR feels like too much risk for too little reward.*



* Jason
[1] -*https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks





Risks


The ESR will not have the benefit of large scale testing by nightly and beta groups.*As a result, the potential for the introduction of bugs which affect ESR users will be greater, and that risk needs to be understood and accepted by groups that deploy it. To help mitigate these risks, Mozilla will be asking organizations that deploy the ESR for assistance with testing alpha and/or beta builds of the ESR with their user base.


Over time, and ESR will be less secure than the regular release of Firefox, as new functionality will not be added at the same pace as Firefox, and only high-risk/impact security patches will be backported. It is important that organizations deploying this software understand and accept this.




--

ubuntu-desktop mailing list

ubuntu-desktop@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop



--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Tobia Tesan 02-06-2012 01:10 PM

Why don't we use Mozilla ESR in Precise?
 
Il 06/02/2012 15:00, Alex Schoof ha scritto:


The WHOLE POINT of an LTS release is that its a consistent,
predictable platform where things won't just change out from under you.


If I'm an admin that rolls out 12.04 across my company, and make sure
everything works, maybe write some custom tools against it, certify
everything, and then one day while patching systems I see that the
browser just got its version bumped? With zero warning, and no way to
prevent it, my LTS systems all just had a major component jump by a
major release. That is not cool.


I think we either need to hold major versions fixed, or reevaluate
what "long term support " means.




As an admin, I have to say this is IMHO by far the reasonable way to see
the question.


Cheers

--
Tobia Tesan
<tobia.tesan@gmail.com>
The wages of sin are unreported.


--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Jeremy Bicha 02-06-2012 02:23 PM

Why don't we use Mozilla ESR in Precise?
 
On 6 February 2012 06:50, Jason Warner <jason.warner@canonical.com> wrote:
>
>
> On Mon, Feb 6, 2012 at 10:02 PM, Viktor Basso <viktor@basso.cc> wrote:
>>
>> Yes!
>> The LTS should be secure, stable and supported. Not "better, faster,
>> braver" as Jason pointed out.
>
>
> And what if we could be both? ;) In fact, we can. By embracing Firefox
> proper rather than ESR, we are getting the current browser that will get
> security updates and thorough testing as well as being the most stable,
> secure and supported Firefox on the market. ESR, as noted by Mozilla [1],
> will not be the most secure, will not be the most updated and will note be
> the most supported. Additionally, we then get the updates to core components
> and offer a leading edge browser rather than on lagging by as many as 12
> months. As I said earlier, ESR feels like too much risk for too little
> reward.
>
> Jason
>
> [1]
> - https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks
>
> Risks
>
> The ESR will not have the benefit of large scale testing by nightly and beta
> groups. As a result, the potential for the introduction of bugs which affect
> ESR users will be greater, and that risk needs to be understood and accepted
> by groups that deploy it. To help mitigate these risks, Mozilla will be
> asking organizations that deploy the ESR for assistance with testing alpha
> and/or beta builds of the ESR with their user base.
> Over time, and ESR will be less secure than the regular release of Firefox,
> as new functionality will not be added at the same pace as Firefox, and only
> high-risk/impact security patches will be backported. It is important that
> organizations deploying this software understand and accept this.

I support the decision of the Ubuntu Mozilla developers to ship
basically the same Firefox on all supported Ubuntu releases. While at
first glance, it may sound like a bad idea, the new Rapid Releases are
actually more reliable and better tested than the old pre-Firefox 4
releases were. Everyone that runs the development release of Ubuntu
(Precise at the moment) and those who opt in to the PPA test what is
basically a release candidate for 6 weeks. This is far more than the
week or so of testing that other releases got.

Do you have any idea how many people will test the 10.0.1 update that
will include some of Firefox 11's security updates (I expect certain
security improvements will be too complex to attempt to backport)? Far
fewer than will test Firefox 11 and probably for far less time than
the 6 weeks Firefox 11 is tested. (And that even ignores the 6
additional weeks of "alpha" testing where no new features are supposed
to land and the weeks of nightly testing.)

There's also a persistent problem with manpower in both Ubuntu's
Mozilla & Chromium teams and shipping multiple versions of these apps
every few weeks would be a significant increase in work for very
little benefit. We can't even ship Firefox 10.0.1 to LTS users until
it's been tested for several days. Each day we delay for QA is a day
that Ubuntu users are at risk from known security bugs. It's a
misconception that Firefox 10.0.* will be any more tested or any safer
than the normal Firefox releases and in fact, I believe the opposite
to be true.

The Firefox update policy in Ubuntu now matches what's already been
happening with Chromium for a long time. Both are also listed on
https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions .
Chris Coulson has also blogged about this, and I also contacted him to
verify what was going to happen as it surprised me too at first read
until I thought through things a bit more.

Jeremy

--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Alex Schoof 02-06-2012 03:25 PM

Why don't we use Mozilla ESR in Precise?
 
Is the concern that high-severity patches wont be backported from Firefox 11 (or 12 or 13 or 14...)? We should be getting high-severity patches from upstream through the ESR lifecycle (http://www.mozilla.org/en-US/firefox/organizations/faq/)


People run their businesses on LTS releases. They need to know that if they dump dev and ops time into building some custom line of business app against an LTS release (think internal ticketing add-on for firefox), that they're business-critical code isnt going to break because a new major release of firefox came out and changed some internal API or something.


If we can GUARANTEE that the next 7 releases of Firefox (until the next ESR) will ALL be backwards-compatible with no changes to web and add-on APIs, etc, then I fully support always shipping the latest Firefox. On the other hand, if we can't make that promise, then LTS should be shipping the ESR release, which will be api-stable and get updates from upstream through its lifecycle.


I feel like we're getting to a level with web apps that bumping the version of the browser in an "enterprisy" LTS-type release would be like shipping a new version of gcc or java mid-release, at best it makes people nervous, at worst it causes outages.


Cheers,

Alex

On Mon, Feb 6, 2012 at 10:23 AM, Jeremy Bicha <jbicha@ubuntu.com> wrote:

On 6 February 2012 06:50, Jason Warner <jason.warner@canonical.com> wrote:

>

>

> On Mon, Feb 6, 2012 at 10:02 PM, Viktor Basso <viktor@basso.cc> wrote:

>>

>> Yes!

>> The LTS should be secure, stable and supported. Not "better, faster,

>> braver" as Jason pointed out.

>

>

> And what if we could be both? ;) In fact, we can. By embracing Firefox

> proper rather than ESR, we are getting the current browser that will get

> security updates and thorough testing as well as being the most stable,

> secure and supported Firefox on the market. ESR, as noted by Mozilla [1],

> will not be the most secure, will not be the most updated and will note be

> the most supported. Additionally, we then get the updates to core components

> and offer a leading edge browser rather than on lagging by as many as 12

> months. As I said earlier, ESR feels like too much risk for too little

> reward.

>

> * Jason

>

> [1]

> - https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal#Risks

>

> Risks

>

> The ESR will not have the benefit of large scale testing by nightly and beta

> groups. As a result, the potential for the introduction of bugs which affect

> ESR users will be greater, and that risk needs to be understood and accepted

> by groups that deploy it. To help mitigate these risks, Mozilla will be

> asking organizations that deploy the ESR for assistance with testing alpha

> and/or beta builds of the ESR with their user base.

> Over time, and ESR will be less secure than the regular release of Firefox,

> as new functionality will not be added at the same pace as Firefox, and only

> high-risk/impact security patches will be backported. It is important that

> organizations deploying this software understand and accept this.



I support the decision of the Ubuntu Mozilla developers to ship

basically the same Firefox on all supported Ubuntu releases. While at

first glance, it may sound like a bad idea, the new Rapid Releases are

actually more reliable and better tested than the old pre-Firefox 4

releases were. Everyone that runs the development release of Ubuntu

(Precise at the moment) and those who opt in to the PPA test what is

basically a release candidate for 6 weeks. This is far more than the

week or so of testing that other releases got.



Do you have any idea how many people will test the 10.0.1 update that

will include some of Firefox 11's security updates (I expect certain

security improvements will be too complex to attempt to backport)? Far

fewer than will test Firefox 11 and probably for far less time than

the 6 weeks Firefox 11 is tested. (And that even ignores the 6

additional weeks of "alpha" testing where no new features are supposed

to land and the weeks of nightly testing.)



There's also a persistent problem with manpower in both Ubuntu's

Mozilla & Chromium teams and shipping multiple versions of these apps

every few weeks would be a significant increase in work for very

little benefit. We can't even ship Firefox 10.0.1 to LTS users until

it's been tested for several days. Each day we delay for QA is a day

that Ubuntu users are at risk from known security bugs. It's a

misconception that Firefox 10.0.* will be any more tested or any safer

than the normal Firefox releases and in fact, I believe the opposite

to be true.



The Firefox update policy in Ubuntu now matches what's already been

happening with Chromium for a long time. Both are also listed on

https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions .

Chris Coulson has also blogged about this, and I also contacted him to

verify what was going to happen as it surprised me too at first read

until I thought through things a bit more.



Jeremy



--

ubuntu-desktop mailing list

ubuntu-desktop@lists.ubuntu.com

https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop



--


Alex Schoof

--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Micah Gersten 02-06-2012 04:55 PM

Why don't we use Mozilla ESR in Precise?
 
On 02/06/2012 05:49 AM, Jo-Erlend Schinstad wrote:
On 06.
feb. 2012 10:22, Jason Warner wrote:


Hi All -




Firefox ESR is indeed interesting, and it would seem to answer
some of the question corporations might have about Firefox, but
I think it is less interesting for Ubuntu.







You have to understand that my original post was not meant as a
proposal, but as an open question. If Ubuntu now prefers the rapid
release pace of Firefox and Thunderbird, then it doesn't bother me
that much. But it does represent a shift in strategy. 10.04 has
used 3.6 until very recently when it became unsupported. The
reason that was given for not upgrading it, was the SRU process.
The reason that was given for starting to upgrade Firefox in a
rapid pace afterwards, was that Mozilla had changed their support
strategy and that it wouldn't be feasible to backport the
necessary security patches to old versions. But now, Mozilla has
changed their support strategy again, making it unnecessary to
circumvent the norms.




Now this becomes a question of communication, which to me is the
biggest weakness Ubuntu has that we can do something about. If
this is an active decision, then I would be interested to know
when it was made and why we haven't heard anything about it. This
is a significant shift, and though I try to pay close attention to
what's going on, it came as a complete surprise to me. I looked
for blueprints, but I couldn't find any;
https://blueprints.launchpad.net/ubuntu/precise?searchtext=firefox.
It is bad communication, and we need to improve. I really don't
like those surprises. I spend a fair amount of time writing
articles and participating in discussions, in an effort to reduce
some of the misunderstandings that will always be a part of FOSS.
Because development is high pace and developers doesn't always
have time, or even skills, to write comprehensible non-tech
articles explaining why and how. When things like that suddenly
changes without notice, then it can easily make what I write,
wrong. In that case, my contributions, instead of being a small
part of a small solution, becomes a bigger part of a big problem.
I don't think I have to explain why that's demoralizing.




Consider documentation writers. You've spent a few hours writing
some paragraphs or pages explaining why Ubuntu doesn't use the
newest version of Firefox. You're satisfied that your explanation
really does explain and is comprehensible by anyone. That's not
easy. It's hard work. So you commit. Then translators begin
working on it. And translating single strings is not always that
difficult, but translating an article, is. You finish two months
ahead of schedule.




But then someone makes a silent little decision, and instead of
being two months ahead, you're suddenly two years outdated. Bad
communication hurts both enthusiasm and the finished product. We
need predictability.




As usual, this has become much longer than I had intended. Let me
finish by making a proposal. Let's use the ESR versions by default
in LTS versions of Ubuntu, and add a package called something like
firefox-fastpace for those who want that. This way, we don't
disrupt the stability and predictability that is so attractive to
those who chooses LTS versions, but also make it easy for those
who do want to be on the cutting edge of the browser developments.
When upgrading from an LTS to a non-LTS, the user should be asked
if the ESR version should still be used, or switch to the fast
pace version.




Thanks for reading,




Jo-Erlend Schinstad







There was a UDS session on this [1] which I lead.* I was originally
of the opinion that the ESR for LTS releases was the best course of
action.* However, my wise colleagues have shown me that I was
mistaken.* I thought it would be just like 3.6 (stable ABI, still
getting High/Critical fixes).* The problems are:


High/Critical fixes will be backported only if it's not too
difficult (whatever that means)
There are usually new security features with each rapid
release
No large testing base as Jason pointed out
Upgrades from ESR -> ESR will also be more shocking as UI
across 7 releases can change quite a bit
No guarantee of ESR existence past year 2 (or even that long
depending on how you read it)
No guarantee that the ESR is inherently a stable platform
(meaning that previously, you had a release that was frozen and
bug fixed for a while before it was stable, Firefox 10 was
stable enough for 6 weeks of life, but who says it's stable
enough for a year)
The ever changing web, we recently migrated Lucid and Maverick
to Rapid Release since Flash and some websites were breaking
with 3.6
The browser is one of the most exploited pieces of software on
Linux outside of the Kernel
(from Lucid Firefox 3.6 comparison) Why is Chromium so much
faster?




With all these reasons, it seemed clear that we don't want the
ESR in the LTS or any Ubuntu release.* We want to make sure that
our users have the best browsing experience possible.




Thank you,

Micah Gersten

Ubuntu Security Team

Ubuntu Mozilla Team





[1]
https://blueprints.launchpad.net/ubuntu/+spec/security-p-mozilla-lts



--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop

Chris Coulson 02-07-2012 09:57 AM

Why don't we use Mozilla ESR in Precise?
 
On 06/02/12 17:55, Micah Gersten wrote:


On 02/06/2012 05:49 AM, Jo-Erlend Schinstad wrote:
On
06. feb. 2012 10:22, Jason Warner wrote:

Hi All -



Firefox ESR is indeed interesting, and it would seem to answer
some of the question corporations might have about Firefox,
but I think it is less interesting for Ubuntu.






You have to understand that my original post was not meant as a
proposal, but as an open question. If Ubuntu now prefers the
rapid release pace of Firefox and Thunderbird, then it doesn't
bother me that much. But it does represent a shift in strategy.
10.04 has used 3.6 until very recently when it became
unsupported. The reason that was given for not upgrading it, was
the SRU process. The reason that was given for starting to
upgrade Firefox in a rapid pace afterwards, was that Mozilla had
changed their support strategy and that it wouldn't be feasible
to backport the necessary security patches to old versions. But
now, Mozilla has changed their support strategy again, making it
unnecessary to circumvent the norms.



Now this becomes a question of communication, which to me is the
biggest weakness Ubuntu has that we can do something about. If
this is an active decision, then I would be interested to know
when it was made and why we haven't heard anything about it.
This is a significant shift, and though I try to pay close
attention to what's going on, it came as a complete surprise to
me. I looked for blueprints, but I couldn't find any; https://blueprints.launchpad.net/ubuntu/precise?searchtext=firefox.
It is bad communication, and we need to improve. I really don't
like those surprises. I spend a fair amount of time writing
articles and participating in discussions, in an effort to
reduce some of the misunderstandings that will always be a part
of FOSS. Because development is high pace and developers doesn't
always have time, or even skills, to write comprehensible
non-tech articles explaining why and how. When things like that
suddenly changes without notice, then it can easily make what I
write, wrong. In that case, my contributions, instead of being a
small part of a small solution, becomes a bigger part of a big
problem. I don't think I have to explain why that's
demoralizing.



Consider documentation writers. You've spent a few hours writing
some paragraphs or pages explaining why Ubuntu doesn't use the
newest version of Firefox. You're satisfied that your
explanation really does explain and is comprehensible by anyone.
That's not easy. It's hard work. So you commit. Then translators
begin working on it. And translating single strings is not
always that difficult, but translating an article, is. You
finish two months ahead of schedule.



But then someone makes a silent little decision, and instead of
being two months ahead, you're suddenly two years outdated. Bad
communication hurts both enthusiasm and the finished product. We
need predictability.



As usual, this has become much longer than I had intended. Let
me finish by making a proposal. Let's use the ESR versions by
default in LTS versions of Ubuntu, and add a package called
something like firefox-fastpace for those who want that. This
way, we don't disrupt the stability and predictability that is
so attractive to those who chooses LTS versions, but also make
it easy for those who do want to be on the cutting edge of the
browser developments. When upgrading from an LTS to a non-LTS,
the user should be asked if the ESR version should still be
used, or switch to the fast pace version.



Thanks for reading,



Jo-Erlend Schinstad






There was a UDS session on this [1] which I lead.* I was
originally of the opinion that the ESR for LTS releases was the
best course of action.* However, my wise colleagues have shown me
that I was mistaken.* I thought it would be just like 3.6 (stable
ABI, still getting High/Critical fixes).* The problems are:


High/Critical fixes will be backported only if it's not too
difficult (whatever that means)
There are usually new security features with each rapid
release
No large testing base as Jason pointed out
Upgrades from ESR -> ESR will also be more shocking as UI
across 7 releases can change quite a bit
No guarantee of ESR existence past year 2 (or even that long
depending on how you read it)
No guarantee that the ESR is inherently a stable platform
(meaning that previously, you had a release that was frozen
and bug fixed for a while before it was stable, Firefox 10 was
stable enough for 6 weeks of life, but who says it's stable
enough for a year)
The ever changing web, we recently migrated Lucid and
Maverick to Rapid Release since Flash and some websites were
breaking with 3.6
The browser is one of the most exploited pieces of software
on Linux outside of the Kernel
(from Lucid Firefox 3.6 comparison) Why is Chromium so much
faster?




With all these reasons, it seemed clear that we don't want the
ESR in the LTS or any Ubuntu release.* We want to make sure that
our users have the best browsing experience possible.




Thank you,

Micah Gersten

Ubuntu Security Team

Ubuntu Mozilla Team





[1] https://blueprints.launchpad.net/ubuntu/+spec/security-p-mozilla-lts









Hi,



Thanks for all of your comments and opinions. Of course, I support
our decision to not offer the Firefox ESR by default in the Ubuntu
LTS.* I've tried to explain the reasons why I think that this is a
good thing in http://www.chriscoulson.me.uk/blog/?p=111.



Regards

Chris



--
ubuntu-desktop mailing list
ubuntu-desktop@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop


All times are GMT. The time now is 03:20 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.