Am 03.02.2012 19:40, schrieb John Andersen:
There is really not that much that OpenSuse does to stock TB anyway, other than packaging. I seriously doubt they have the time to evaluate every line of code in every patch, so the "security" issue is mostly bogus in my mind.
Do we talk 3.1.x or rapid release here? For 3.1.x almost every line of code change is clear to us but for sure not for the rapid releases.
Backporting real security fixes to something as old as 3.x is just as risky as updating to a later build.
Yes, that's one of the reasons why 3.1 will be abandoned soon. Some/many security fixes need some kind of refactoring which is risky in any case.
This seems to be a political issue, perhaps there is some friction between Mozilla and Opensuse. We see wholesale adoption of many things way too soon, (systemd, entire kde 4.0, Pulse Audio, kmail2 etc. etc. etc.) but then we are stuck multiple releases back on Mozilla apps. Why the dichotomy?
Because we provide the choice and we have different maintainers for different parts of the distribution. I found it always a good choice to stick with a released version as long as possible w/o taking the risk to break user setups (or expectations) just for the sake of an upgrade. That's one reason why there is a mozilla repo which has the latest _stable_ stuff. So users have the choice. Also you are comparing different things. Or did you get your 11.3 systemd enabled recently or got kmail2 on 11.2 from official update channels? The current release model seems very sensible to me. Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org