Old Firefox versions discourage real-world testing of Ubuntu development versions

[Matt Ruffalo]

Hi all-

First, I apologize if I'm not sending this to the right place -- I have
no idea who exactly to contact about this, and thought this general
mailing list wasn't *too* bad a choice.

I use Kubuntu on all of my machines, though the specific flavor of
Ubuntu isn't too important in this discussion, and I've usually run
development versions of Kubuntu on my laptop, while preferring a more
stable version for my work and home desktops. I'm generally of the
opinion that "all-in" real-world usage is much more informative for
testing than booting an ISO image in a VM and poking around a bit, and
I'm happy to accept some occasional breakage from new/untested packages
in case it produces a useful bug report that keeps an issue from making
it into the release of some version of Ubuntu.

I would very much like to use the current development version of Kubuntu
17.10 on my laptop, but I'm very uneasy about this since 17.10 only
includes Firefox 50.1.0 in the ISO images (and no new versions are
installed through `apt update; apt full-upgrade`). As I understand it,
FIrefox 55 fixes some major security issues and there's no way I'd want
to use 50.1.0 for everyday browsing, which has the effect of making
17.10 unusable for testing via full-time usage.

I asked a similar question
(https://answers.launchpad.net/ubuntu/+source/firefox/+question/270358)
at Ubuntu Answers about two years ago, referencing what was the
development version of Ubuntu 15.10, and finally remembered/realized
that this might be worth bringing up to a wider audience. I feel that
some of my comments in that question still apply, like:

"""
I accept instability and frequent bugs/changes in development versions
of Kubuntu, which is why I have all of my systems configured to take
btrfs snapshots of all available subvolumes on every boot. I am quite
used to updates breaking my system and having to revert to a previous
snapshot, then waiting a few days to upgrade packages again. In all of
these cases, the bugs and instability that I am accustomed to are from
packages being too *new* and untested, not too *old* and containing
known security vulnerabilities that have been exploited in the wild. I
accept the responsibility for installing updates that might potentially
make my system inoperable, but this issue is about the *lack* of updates
in a critical package.

I believe that the best way to find bugs and issues in beta software is
to attempt to go "all in" and use it full-time as I am doing on my
laptop; booting an ISO in a VM and poking around a bit will likely not
expose any issues that will be found by real-world usage. As such, it
seems counterproductive to delay security updates to critical packages,
since this will unnecessarily deter people from doing thorough testing
and make it more likely that large issues will make it into the release
instead of being discovered earlier.

"""


Is there a specific policy or technical reason for Ubuntu development
versions to only receive Firefox updates in "proposed" instead of
"release" before a certain point? Updates in that channel are not
included in ISO images or available through normal apt-get updates.

If there is no policy or technical reason forbidding this, I would like
to respectfully request (as a user and prospective beta tester) that new
versions of Firefox be available in Ubuntu development versions shortly
after being published for released Ubuntu versions.

Thank you for your time,
MMR...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20170823/88ab6927/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20170823/88ab6927/attachment-0001.sig>