firefox 1.0.5?

[Judd Pickell]

Even the best system in the world for managing versions doesn't help
the problem that distributions have. The main reason that
distributions take so long to release is because it takes alot of work
to make sure the distro works. Which means at one point or another
they have to grab whatever the latest version is of the app they want
to include and freeze it. Once the entire distro is frozen, then it is
put through the paces, and any issues that can be resolved are taken
care of and app files are modified to fix inconsistencies.

This is the one area where Linux needs some serious work, but there is
no easy way to solve the problem. An app could be updated to fix a
security problem, app execution issue or just general feel good fix,
but to do so they may have included a new lib set that isn't either
built for the distro involved or maybe hasn't updated for that distro.
This causes the app to be broken when someone runs the straight
update, and this email list and the forums get flooded with
complaints. Since this is an undesirable situation, they avoid this by
not releasing updates the second an app releases an update.

As for the Firefox situation, I believe there is a different problem
all together, they have been accused of holding out on giving out the
code necessary to make updates to distro apps in a timely manner. If
they don't get it out to the deb/Ubuntu dev groups to get into the
update process quickly, there is no way to get the browser updates to
the end users in a timely manner; thus leaving us with the current
situation.

I hope that this situation will be fixed, but I have not heard either
way since the issue was first reported when 1.0.3/4 came out.

Sincerely,
Judd Pickell 


On 7/14/05, bike_oz <bike_oz at yahoo.com.au> wrote:
>  I think everyone understands that 
>  a) Security patching needs to be done
>  b) It does make sense that if new features aren't added the version number
> shouldn't change
>  c) if other apps/sites use the version no. to determine if a product has a
> specific capability or fix then this can be very confusing and
> non-productive for end users (particularly the less technical ones) to try
> and work around.
>  
>  To me this means there may be a need to do versioning in a different way to
> traditional apps that are designed, built and released by one firm.  I'm
> sure this is too simplistic and therefore not workable in the long run but
> maybe open source software should have 2 version numbers. A security level
> and a feature level. Then site admins and others can use either or both
> numbers where necessary to determine if an application has the required
> capabilities.
>  
>  Regards Russell
> 
>  
>  On Fri, 2005-07-15 at 13:29 +1000, James Livingston wrote: 
>  On Fri, 2005-07-15 at 00:43 +0100, Dick Davies wrote:
> > Also, is there a sensible reason not to just bump the firefox 
> > packages up to the latest versions rather than backporting all
> > the time? It would make it so much easier to check if you were
> > up to date.
> 
> Two main reasons: a) the new versions of Firefox contain new features,
> which themselves could contain new security holes and b) if this got
> done for Firefox, why not every other package in Ubuntu?
> 
> 
> Cheers,
> 
> James "Doc" Livingston 
> 
>  
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> 
> 
>