On Tue, 2015-05-19 at 11:54 -0500, deoren wrote:
On 5/19/2015 10:07 AM, Robert Kaiser wrote:
Hi,
For example, with the MozillaFirefox package I noticed that the updated version (v38.0 or 38.0.1) is still not available via the standard repos as of the 20150516 snapshot. Is this an oversight, the conclusion that the security issues with v38.0 are minor, a lack of time or something else?
I can't speak for the openSUSE packaging situation, but given that I'm working for Mozilla and involved in the process of releases, I can tell you that 38.0.1 is not a security update. In fact, I think there's nothing really in that update that affects Linux, the main reason why we created it was a startup crash on some Windows systems. So in this case, there probably is not any good reason for openSUSE to even do a 38.0.1 update, other than because of the looks of the version number.
Cheers, KaiRo
Hi,
Thanks for the reply.
I mentioned 38.0.1 in the same breath as 38.0, which was mistake. I meant for the emphasis to be on v38.0 which I see listed as a security release. I meant to imply that providing v38.0 or 38.0.1 would would a current Mozilla Firefox package that has the latest security fixes.
I assume you're strictly talking Tumbleweed here (*). Security updates are incoming 'as fast as possible', but the process around Tumbleweed, including testing, can at times slow down substantially. As an example: MozillaFirefox has been submitted to openSUSE:Factory (the Tumbleweed integration/pre-test project) by Wolfgang on 2015-05-15T11:21:09. Then it entered some staging project (currently Staging :F) and is awaiting a full build including test media. Once the media is ready, it is handed off to openQA to ensure the new media works (there is a bit more in Staging:F than only Firefox, if we'd do one staging per app it would take forever to get anything through). so, yes, updates are prepared in time but the process can at times slow it a bit down to get to the users. We try to take the security relevance into account when handling stagings, and if something of high criticality is stalled, we certainly will try to find a way around this. Hope that explains a bit where the delay is coming from (*) for the regular maintained releases, the process is different of course. Best regards, Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org