tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: www/firefox-esr instead of www/firefox[0-9]*

On Tue, Dec 17, 2019 at 10:44:26AM -0500, Greg Troxel wrote:
> I don't understand how a single esr name would work.  What happens on
> older platforms where that single one doesn't build, and people want the
> previous esr?  If they are running an unversioned package, then they
> will have no package available, instead of getting an update to the one
> they are running.

It wouldn't. The idea is that the latest ESR release should always be
firefox-esr, while any versions that we're keeping around that are no
longer supported upstream can retain the version suffix. Basically,
that means firefox52.

I don't think that there should be a possibility to install Firefox 52
by accident when you're expecting the latest, supported ESR release.
It's a security nightmare.

I've been making sure the latest stable branch gets backports when the
latest ESR version gets a new release - I don't do it for any others.

Currently that is firefox68, which is still receiving security updates
from upstream.

You also need to transfer profiles when there's a change in the version
right now. That's not obvious to do with Firefox's UI (you have to go to
some about: page) and is very annoying for the main use case of ESR -
having a more conservative branch of Firefox where you stay on the latest
version to continue getting security patches without any other stuff.

Presumably this makes it more difficult to use pkgsrc ESR in enterprise
deployments where lots of installations are managed centrally, which is
ESR's reason for existing. No other vendor does it the way we do for
good reasons.

Home | Main Index | Thread Index | Old Index