tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: www/firefox-esr instead of www/firefox[0-9]*

I view it as two differnt variants of a browser, both sharing a common base,
but basically being a different product:

  - firefox (plain, no version) is on a fast moving release track
    (I guess upstream thinks the fast moving internet and changing
    attack scenarios require this). There is a single firefox at any
    given time, and it is always the latest (aka most secure)

  - firefox esr (plain, no version) is on a slightly slower moving
    release track but also gets the most important security fixes
    from upstream. There is only a single real ESR version, as that
    is what upstream supports.

Pkgsrc does not comply with this naming though.
And worse, now it gets muddy:

  - firefox52 and similar are outdated, insecure and no longer supported
    by upstream special versions. They exist for special reasons, like
    missing hardware or platform support, in the case of 52 for being the
    last release compilable without a rust compiler and also the last
    fully portable version.

In theory there could be multiple versions like 52, but right now there is
only a need for this special one.

IIUC Nia's point is that from an upstream, security and
user confusion point of view the first two (firefox and firefox-ESR)
are clearly what upstream defines them to be. Having any other "ESR"
versions (that really are ex-ESRs) buys nothing. If we need to keep
a special version that drops (in upstream view) out of ESR support, we
can renname it firefox$N, to make space for the new official ESR.

So I am all with Nia, let's have "firefox", "firefox-esr" and whatever
special versions are needed (currently only "firefox52").


Home | Main Index | Thread Index | Old Index