On Fri, Feb 3, 2012 at 1:40 PM, John Andersen <jsamyth@gmail.com> wrote:
On 2/3/2012 9:06 AM, David C. Rankin wrote:
On 02/02/2012 06:40 AM, Wolfgang Rosenauer wrote:
We are aware of the ESR releases and the lifetime of the FF3.6 and TB3.1 series. What we haven't discussed in detail yet is if we want those and stay on them in the official update channel for openSUSE!
Hmm...
Since opensuse isn't a rolling-release (yet), I would propose that the update repo move to 10 and hold there for ff & tb. This will draw howls from those whose favorite add-ons are broken by the update from 3.6->10, but if the XSS security considerations warrant it, it is better to have opensuse's reputation for 'security' within its 'maintained' (not yet EOL) releases take precedent over the add-on consideration. Other than add-ons, the upgrade path from 3.6 -> 10 is seamless.
In summary:
http://ftp5.gwdg.de/pub/opensuse/update/ (move to 10 and stick for LTS)
http://ftp5.gwdg.de/pub/opensuse/repositories/mozilla/ (continue to follow the rapid-fire releases)
You don't want distrowatch footnoting that some supported versions contain serious vulnerabilities.
Just my take on the issue.
I fully agree. Having two choices seems rational, and most of the plugin issues have gone away anyway by the time you get to 10.
Since every mail account I use is IMAP, swapping out one MUA for another is not a problem. I might feel differently if I was still running POP accounts. (why would I run pop?)
There is really not that much that OpenSuse does to stock TB anyway, other than packaging. I seriously doubt they have the time to evaluate every line of code in every patch, so the "security" issue is mostly bogus in my mind.
Backporting real security fixes to something as old as 3.x is just as risky as updating to a later build.
This seems to be a political issue, perhaps there is some friction between Mozilla and Opensuse. We see wholesale adoption of many things way too soon, (systemd, entire kde 4.0, Pulse Audio, kmail2 etc. etc. etc.) but then we are stuck multiple releases back on Mozilla apps. Why the dichotomy?
There is no dichotomy. New releases of opensuse get leading edge software. Old releases maintain (in the main repos) the software they were released with. It's just that what is leading edge on the day of release is often old and not-supported 18 months later. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org