LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Firefx EOL - was Re: need list of firefox4 rpms from fedora people
From:	Dr Andrew C Aitchison <[log in to unmask]>
Reply To:	Dr Andrew C Aitchison <[log in to unmask]>
Date:	Sun, 4 Sep 2011 08:29:43 +0100
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (80 lines)

On Sat, 3 Sep 2011, Tom H wrote:

> On Sat, Sep 3, 2011 at 10:57 AM, Andrew Z <[log in to unmask]> wrote:
>> Tom H <[log in to unmask]> wrote:
>>> On Sat, Sep 3, 2011 at 1:16 AM, Todd And Margo Chester
>>> <[log in to unmask]> wrote:
>>>>
>>>> If any of you are still running 64 bit firefox4 from Fedora people on
>>>> sl6.x,
>>>>
>>>> http://repos.fedorapeople.org/repos/leigh123linux/firefox4/epel-6/x86_64/
>>>> (which has been taken down)
>>>
>>> Have you read
>>> http://repos.fedorapeople.org/repos/leigh123linux/firefox4/readme
>>
>> So what do we use instead ? I was going to upgrade to 4 this wknd...
>
> The same person has also packaged FF5 and FF6 for EL6
> http://repos.fedorapeople.org/repos/leigh123linux/
>
> I don't know for how much longer he's going to be able to package
> newer and newer FF versions that'll be compatible with SL6 but here's
> the  Mozilla schedule. FF7'll be out at teh end of September. There
> are no EOLs listed though.
>
> https://wiki.mozilla.org/RapidRelease/Calendar

EOLs are mentioned at the end of
 	https://wiki.mozilla.org/RapidRelease

-----
This section clarifies some questions that have come up about the 
relationship between Firefox 4 and older and Firefox 5.

     * 5.0 and newer processes will not be "backported" onto 4.0.x and 
older releases

     * there will be 4.0.x releases and chemspill handling
           o branch team is taking over for 4.0.1
     * there will be 3.6.x and 3.5.x releases and chemspill handling

End-of-Life:

     * As part of the faster cadence, FF5.0 automatically EOL's when FF6.0 
is released with users getting silent updates.
     * For the previous FF4.0.x, FF3.6.x, FF3.5.x releases, we had 
different policy in place at the time of release. While there were 
problems with the previous policy, we still need to respect other projects 
(and the users) that still depend on these older code lines.
     * We need a working policy for when to end-of-life these 3 older 
release branches
           o how much longer do we plan to generate security releases for 
these?
           o what is the deciding metric to use to cutoff? By time? by 
"number of users remaining"? By "% of overall userbase"?
           o any metric that measures number of users remaining needs to 
also include specific cadence for prompted/advertised Major Updates.

-----

Thus each firefox is EOL as soon as a newer major release comes out,
ie each released firefox is EOL six weeks after it is released.
FF3 is special since it was released

Looking at
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
http://www.mozilla.org/security/known-vulnerabilities/firefox35.html
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
I see that the Digitar certificates patch went into 3.6.21 and 6.0.1
but no ff4 or ff5 appears to have been patched, nor any 3.5,
which supports the "EOL six weeks after release" theory.

I think our options are to return to Firefox 3.6, accept the six week
churn or find another browser. Most unsatisfactory.

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV