Firefox in Breezy (1.0.8), and security support

[Daniel Robitaille]

On 6/7/06, Ian Jackson <iwj at ubuntu.com> wrote:

>  - Provide a version of firefox 1.5.0.4 in breezy-security.
>  - Ignore the problem completely, do nothing, and hope no-one notices.
>  - Try to form some kind of consortium with other distros to do
>        security support for some or all obsolete products
>        (perhaps just firefox 1.0.8, perhaps others too).
>  - Persuade Mozilla to change their mind about ending security
>        support for 1.0.8.
> Most of these are unpalatable, very difficult, or both.
>
> I think by far the most attractive is to backport 1.5.0.4.  We know
> that this can be done (early Dapper 1.5.0.4's were obviously
> backports; I haven't checked backports.org but I don't see any
> fundamental problems).

A couple of comments:

*) I'm guessing that whatever version goes into breezy-security will
also go into Hoary-security?  Hoary currently contain mozilla-firefox
1.0.8; but I'm not sure how different that version is from Breezy's
1.0.8

*) As for the idea of a distro security consortium for Firefox
patches, what happened to the offering of Mozilla Corporation to offer
support for legacy product last April?

http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/

"While the Mozilla Corporation product strategy continues to be
focused on the individual end-user, Mozilla will continue to work with
downstream enterprise-oriented distributors and support vendors to
provide a program to enable extended support for otherwise legacy
releases."

That sounds exactly what Ubuntu currenty needs for Hoary and Breezy's
Firefox/Thunderbird, and probably Dapper in a year or two  once
Firefox 1.5.x becomes obsolete and they only support Firefox 2.x.  As
anyone asked them about this offer (I'm guessing suspect how much it
would cost...)

-- 
Daniel Robitaille