Is Ubuntu going to adapt Ice Weasel?

[Daniel Robitaille]

On Sat, 2006-07-10 at 11:51 -0700, Daniel Robitaille wrote:
>
> Half the time I end up using the binary from mozilla.org
> because I want the latest security upgrades (without waiting for days),
> or I want to use a newer version than the one provided by Ubuntu (for
> example, I run FF 2 on Dapper).

Since I was curious to put numbers on my statement, here are the dates
for the last 4 updates to Firefox 1.5 from Mozilla.org and from Ubuntu:

	   Mozilla.org 	    Ubuntu
1.5.0.7     Sep 15 2006    Sep 22 2006 (USN-351-1) Dapper
                           Oct  2 2006 (USN-354-1) Breezy
1.5.0.6     Aug  2 2006  (Windows-only update)
1.5.0.5     Jul 26 2006    Jul 27 2006 (USN-327-1) Dapper
1.5.0.4     Jun  1 2006    Jun  9 2006 (USN-296-1) Dapper

While I really appreciate the work of Martin and others for the security
of Ubuntu, a web browser is probably the most vulnerable aspect of the
security of a system for most users:  it is a very often used piece of
software, and once a security vulnerability is in the wild, who knows
how many shady web sites will "implement" the vulnerability.  For that
reason  if mozilla.org announces new security version, more often than
not I'll install the firefox binary from them instead of waiting for
Ubuntu's update.  In the last 3 Dapper updates  one was within a day,
but two were available only after a week; I'm personally not comfortable
with waits of that length for the security of my users.  I tend to
believe that if we were to use a Firefox a lot closer to the version
available from mozilla.org, we could decrease these unsecure periods in
a more systematic fashion, with less man power spent on the effort and
increase the security of the Ubuntu users in general.