Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 550424 - www-client/firefox - please bump it on time or mask/remove non-ESR ebuilds
Summary: www-client/firefox - please bump it on time or mask/remove non-ESR ebuilds
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement with 2 votes (vote)
Assignee: Mozilla Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-26 00:29 UTC by Alexandre Rostovtsev (RETIRED)
Modified: 2022-05-10 22:08 UTC (History)
11 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandre Rostovtsev (RETIRED) gentoo-dev 2015-05-26 00:29:31 UTC
Recently, the mozilla team has been rather late with non-ESR firefox bumps.

38.0 was released on 2015-05-12; two weeks later we still don't have any 38.0.x ebuilds in portage.

37.0 was released on 2015-03-31; first 37.0.x ebuild landed in portage on 2015-04-05.

For the vast majority of ebuilds in the tree, weeks/months late version bumps are expected and users are used to it. But for a small number of critical packages - chromium, firefox, apache, openssl - waiting more than a day or two for a security fix is a sign that something is very wrong.

You may reply that 37 and 38 are ~arch, and there are no guarantees in ~arch. But while in Gentoo non-ESR is ~arch, an average user sees non-ESR as the expected and stable version and ESR as "the old buggy version that corporate IT forces me to use at work".

So firefox ~arch is in that special category where despite the keyword, lots of users are using it.

So please, consider the following:

* if you don't have enough active people - ask for help on the mailing list! There is a lot of frustration about late firefox bumps, you *will* get volunteers.

* if you do have enough active people but simply don't care about non-ESR - mask or remove them from the tree. To avoid giving users the impression that the versions of firefox which upstream considers stable are actually supported on Gentoo.
Comment 1 Rafał Mużyło 2015-05-26 17:59:45 UTC
...the initial report is even more funny, if you take into account that 38 is meant to become (barring major bugs) the new ESR.
Comment 2 boxcars 2015-05-26 18:53:05 UTC
According to https://bugs.gentoo.org/show_bug.cgi?id=549356#c7 the current situation is due to one person being out of commission temporarily.
If there is an ebuild for 38.0.2, it would be nice if someone could add it to the mozilla overlay or add it to the main tree, even if masked.
Comment 3 boxcars 2015-05-26 18:56:30 UTC
(In reply to boxcars from comment #2)

> If there is an ebuild for 38.0.2, 

Oops, s/2/1
Comment 4 Ian Stakenvicius (RETIRED) gentoo-dev 2015-05-27 03:52:26 UTC
OK everyone, firefox-38.0.1 is in mozilla overlay.  I haven't finished testing it, but i will move it into the main tree once I've done a few more compiles (likely about 12 hours from now).

(with any luck mozilla team lead will be back online by then too and can signoff, since i don't know if i took care of everything on his list that needed doing...  likely a revbump will follow later in the week)
Comment 5 Ian Stakenvicius (RETIRED) gentoo-dev 2015-05-27 19:24:08 UTC
38.0.1 committed to the tree.

Leaving bug open since it's actually about staffing issues rather than this particular version bump
Comment 6 . 2016-04-29 15:53:56 UTC
(In reply to Ian Stakenvicius from comment #5)
> Leaving bug open since it's actually about staffing issues rather than this
> particular version bump

Perhaps the title could be reworded to fit this purpose more appropriately.
Comment 7 Jory A. Pratt gentoo-dev 2017-08-26 17:55:39 UTC
If you feel I have closed your bug and it is still a current issue, please reopen and update it completely. We will not work bugs that have no ebuild in tree any longer or can not be reproduced with a current system.

Thank You for your support and understanding
The Mozilla Team
Comment 8 teefax 2018-04-21 15:51:05 UTC
This bug should be reopened. Firefox 59 was released almost six weeks ago, on 2018-03-13. The release fixes critical security vulnerabilities that can be exploited to run arbitrary code. Gentoo users are still vulnerable.

A working ebuild exists in the mozilla overlay but is not pushed to the main tree. I agree with the original comment: Either remove/mask Firefox 58 or push the updated ebuild.