Firefox 1.03?

Lloyd D Budd foolswisdom at gmail.com
Sat May 7 05:41:08 UTC 2005


On 5/5/05, Matt Zimmerman <mdz at ubuntu.com> wrote:
> On Sun, Apr 24, 2005 at 03:37:21PM +0800, zer0halo wrote:
> 
> > It seems to me that it would be much less confusing for the user if Ubuntu
> > were to simply release a security update for Hoary called firefox 1.0.3.
> > Even if the security issues for Firefox 1.0.3 were fixed in the Ubuntu
> > 1.0.2 release, how is the user supposed to know that? All the user (like
> > me) knows is that mozilla releases a 1.0.3 security update to fix
> > important vulnerabilities, so for all I know, my ubuntu 1.0.2. still has
> > those vulnerabilities. My inclination is to ditch the Ubuntu version and
> > just download and use the bin distributed by mozilla. But obviously that's
> > not the best solution. Plus even if ubuntu-1.0.2. is secure, how do I
> > convince my IT manager of that?  Really, it shouldn't be difficult for
> > Ubuntu to release 1.0.3. as a security patch for Hoary.
> 
> In general, the reason why we backport isn't that it would be more
> difficult to update to a newer version (in fact, the reverse is often true).
> It's that our intention is to fix the security issue without introducing new
> bugs, or other unexpected changes which would be disruptive in a stable
> release.

You all do fantastic work !

In general your current process is the most sensible .  In the case of
firefox , this thread , and the number of people likely using
"backports" specifically because of Firefox , it may make more sense
to go to the moz.org release .

Other factors include :
* Firefox is the one application who's version number is known by everyone ;-)
* moz.org has been very good about only putting security fixes in
their "security updates"
* the exception makes the rule ;-)


Thanks for Ubuntu .  
Please drop the "Linux for Human Beings" , gross !

-- 
Peace be in you ,
Lloyd D Budd




More information about the ubuntu-users mailing list