What happened:
I just had to uninstall TB3 because it didn't read one of the messages I
got from my linux-server. That's usual plain text message, nothing weird
in it. I had similar problems before for some other messages, but
usually they resolved by jumping back and forth several times from
message it didn't read to message it did. Today, no such luck.
So I uninstalled TB3 and re-installed TB2. Startup-times got smaller,
reading messages got fixed, no stupid "smart folders", offline settings
are correct ones etc.
Rant begins.
However apparently there is no support or development made for TB2 which
works just fine, but has at least one security hole (which is BTW fixed
in 2.0.0.24pre, and has been fixed for nearly, or is it over, a month now).
Abandoning TB2 in situation like this is like stopping making spare
parts for a car that is "old model", because there is new model that is
more shiny, but doesn't work, and forcing people to use this crappy
useless new product when their brakes need replacing.
I'm not going to upgrade to TB3 any day soon, so if there is another
security hole in TB2 then I will drop support for TB completely, and
tell reason for that to everyone in my organization. You *WILL* lose
around 100k potential users, probably more, if that ever happens.
Rant ends.
Timo Pietil�
I usually run into something like this 10 or 20 times a day after
updating to TB3, but restarting Thunderbird seems to clear the cache or
something and let the message load properly.
This is at least the second time in a month I've seen reference to
security issue where the poster didn't provide a precise citation. I can
appreciate you are excited, but it would help to know the exact issue
without having to ask for more information.
> Abandoning TB2 in situation like this is like stopping making spare
> parts for a car that is "old model", because there is new model that is
> more shiny, but doesn't work, and forcing people to use this crappy
> useless new product when their brakes need replacing.
>
> I'm not going to upgrade to TB3 any day soon, so if there is another
> security hole in TB2 then I will drop support for TB completely, and
> tell reason for that to everyone in my organization. You *WILL* lose
> around 100k potential users, probably more, if that ever happens.
> Rant ends.
>
> Timo Pietil�
There has been no change in the level of support for v2. So it seems to
me commenting in the bug may be a far better way to address your concerns.
--
http://wiki.mozilla.org/Thunderbird:Testing
http://www.spreadthunderbird.com/aff/165/
http://securityreason.com/achievement_securityalert/78
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0689
Hope those help.
Timo Pietil�
Have either of you two filed a bug and attached a testcase email to it?
Please reference it so we can look at it in-depth, as it sounds like
something we need to look at fixing in TB 3.
Standard8
That's very hard to reproduce, because it seems to be utterly and
totally random mail that behaves this way. There are simply no reason in
the mail itself that can cause this. For my system usual cause was
automatic alerts I got from one of my servers, but I get those a lot,
and it has happened to other messages too. And it can resolve itself
after some time by jumping between some other account/message and
problem-message.
So no "testcase email" can be provided. Only description what happens.
Please do what you have to do to 2.0.0.24pre and release it. 2.0.0.X
works better than 3. Is faster and is more reliable and less "look, I'm
shiny, I have lots of useless features" -bloatware. Also all extensions
and add-ons work in 2.0.0.X, which is not (yet) case with 3.X.
If you don't you start to lose users and reputation. It is *YOUR*
problem, not our problem.
Timo Pietil�
Ok, but could you at least try and get a clear description as to what is
happening on a bug? "didn't read" needs clarifying a bit - did it not
display the message, did it not list it, did it fail getting it from the
server?
> Please do what you have to do to 2.0.0.24pre and release it. 2.0.0.X
> works better than 3. Is faster and is more reliable and less "look, I'm
> shiny, I have lots of useless features" -bloatware.
We are currently looking into scheduling a .24 release.
We are also working on fixing reliability issues and the 3.0.1 release
will be out in a couple of days which includes a lot of fixes. We also
have a team monitoring our support channels who are feeding back
information into future development (of all branches).
> Also all extensions
> and add-ons work in 2.0.0.X, which is not (yet) case with 3.X.
That is expected and is pretty much normal practice as we can't force
add-on authors to update before the release. It is one of the main
reasons we don't push out an automatic, prompted, major update straight
after release (though users who wish to do so can use the check for
updates option to upgrade).
Standard8
Did that. It might be related to this:
https://bugzilla.mozilla.org/show_bug.cgi?id=522766
>> Please do what you have to do to 2.0.0.24pre and release it. 2.0.0.X
>> works better than 3. Is faster and is more reliable and less "look, I'm
>> shiny, I have lots of useless features" -bloatware.
>
> We are currently looking into scheduling a .24 release.
Great! As I have said in almost all of my messages dropping support from
working old product before new one is ready is just stupid.
> > Also all extensions
>> and add-ons work in 2.0.0.X, which is not (yet) case with 3.X.
>
> That is expected and is pretty much normal practice as we can't force
> add-on authors to update before the release. It is one of the main
> reasons we don't push out an automatic, prompted, major update straight
> after release (though users who wish to do so can use the check for
> updates option to upgrade).
In corporate environment newest is almost always to worst, and also TB3
tuning for corporate environment for migration purposes is ... interesting.
Corporates will stay on TB2 until TB3 is solid and relatively bug-free
and at least some "critical" add-ons work right (For example Finnish
dictionary which is based on Voikko-add on, doesn't work correctly in
TB3). Or they stop using TB completely. Either way is the right way.
Timo Pietil�
Dan
It felt that way, because it had been in ...pre -state for so long, and
there was security issue in ...23, which needed fixing. If you do
continue support for 2.x -series, that's great. I just suggest you put a
bit more effort in it, especially when there is security issues to be
fixed. That is, if it is possible.
Timo Pietil�
Dan
> I hear you; we'll support it as long as we think we reasonably can.
Any news on this front? 3.0.1 was released recently and it again fixed
few security holes, so pressure to either abandon TB or get upgraded TB2
is increasing here.
Timo Pietil�
Dan
If you're on about 24, then its still being done. We are currently
landing the last few patches and looking at getting it scheduled into
the build cycle.
Standard8
Thanks. Any estimate how soon? Are we talking about weeks or months?
Timo Pietil�
if you follow the changes at https://wiki.mozilla.org/Releases you will
be informed when dates are updated.
It says "TBD". I parse that as "to be determined". That's basically same
as no info. So: weeks or months? Hours would be preferable.
Let me say this in other way: Do we abandon TB (months) or do we wait
for upgrade (weeks)?
Timo Pietil�
Dan