Recently, the mozilla team has been rather late with non-ESR firefox bumps. 38.0 was released on 2015-05-12; two weeks later we still don't have any 38.0.x ebuilds in portage. 37.0 was released on 2015-03-31; first 37.0.x ebuild landed in portage on 2015-04-05. For the vast majority of ebuilds in the tree, weeks/months late version bumps are expected and users are used to it. But for a small number of critical packages - chromium, firefox, apache, openssl - waiting more than a day or two for a security fix is a sign that something is very wrong. You may reply that 37 and 38 are ~arch, and there are no guarantees in ~arch. But while in Gentoo non-ESR is ~arch, an average user sees non-ESR as the expected and stable version and ESR as "the old buggy version that corporate IT forces me to use at work". So firefox ~arch is in that special category where despite the keyword, lots of users are using it. So please, consider the following: * if you don't have enough active people - ask for help on the mailing list! There is a lot of frustration about late firefox bumps, you *will* get volunteers. * if you do have enough active people but simply don't care about non-ESR - mask or remove them from the tree. To avoid giving users the impression that the versions of firefox which upstream considers stable are actually supported on Gentoo.
...the initial report is even more funny, if you take into account that 38 is meant to become (barring major bugs) the new ESR.
According to https://bugs.gentoo.org/show_bug.cgi?id=549356#c7 the current situation is due to one person being out of commission temporarily. If there is an ebuild for 38.0.2, it would be nice if someone could add it to the mozilla overlay or add it to the main tree, even if masked.
(In reply to boxcars from comment #2) > If there is an ebuild for 38.0.2, Oops, s/2/1
OK everyone, firefox-38.0.1 is in mozilla overlay. I haven't finished testing it, but i will move it into the main tree once I've done a few more compiles (likely about 12 hours from now). (with any luck mozilla team lead will be back online by then too and can signoff, since i don't know if i took care of everything on his list that needed doing... likely a revbump will follow later in the week)
38.0.1 committed to the tree. Leaving bug open since it's actually about staffing issues rather than this particular version bump
(In reply to Ian Stakenvicius from comment #5) > Leaving bug open since it's actually about staffing issues rather than this > particular version bump Perhaps the title could be reworded to fit this purpose more appropriately.
If you feel I have closed your bug and it is still a current issue, please reopen and update it completely. We will not work bugs that have no ebuild in tree any longer or can not be reproduced with a current system. Thank You for your support and understanding The Mozilla Team
This bug should be reopened. Firefox 59 was released almost six weeks ago, on 2018-03-13. The release fixes critical security vulnerabilities that can be exploited to run arbitrary code. Gentoo users are still vulnerable. A working ebuild exists in the mozilla overlay but is not pushed to the main tree. I agree with the original comment: Either remove/mask Firefox 58 or push the updated ebuild.
