Firefox in Breezy (1.0.8), and security support
Matt Zimmerman
mdz at ubuntu.com
Wed Jun 7 19:43:46 BST 2006
On Wed, Jun 07, 2006 at 03:54:43PM +0100, Ian Jackson wrote:
> options, I can think of at least the following options for Ubuntu:
> - End support for Breezy.
> - End security support for web browsing in Breezy with
> some appropriately scary announcement.
These are not an option; we have made a commitment to continue to support
Ubuntu 5.10 for another year.
> - Attempt to address only known vulnerabilities (inventing new fixes
> as described above) and hope that this is sufficient.
> - Provide a version of firefox 1.5.0.4 in breezy-security.
Whichever of these provides the most stability would be my preferred option.
> - Ignore the problem completely, do nothing, and hope no-one notices.
Not an option.
> - Try to form some kind of consortium with other distros to do
> security support for some or all obsolete products
> (perhaps just firefox 1.0.8, perhaps others too).
This is orthogonal to solving the immediate problem, but seems worthwhile.
security-group at mozilla.org might be a good place to reach others who are
working on the same problem.
> - Persuade Mozilla to change their mind about ending security
> support for 1.0.8.
Also orthogonal, but unlikely to succeed. Can't hurt to ask, of course.
> If we are careful with review of the _packaging_ arrangements as
> opposed to the _code_ arrangements, we should be able to avoid too
> much damage, and careful testing will help too. So I think we
> should be able to provide a reasonable user experience.
>
> This model could also be used well into the future, especially
> considering the LTS requirement for Dapper. If we know in advance
> that this is what our plan is, we can prepare, carefully test, and
> then finally deploy a future Firefox 2.0 into dapper-updates and
> dapper-security, before we are forced into the position of having to
> delay while we think of a way to deal with a pressing security
> problem.
We have already pushed new upstream versions of Firefox in similar
situations, and I'm open to doing so again if stability and quality are
preserved.
--
- mdz
More information about the ubuntu-devel
mailing list