Prompted update from 3.0 to 4.0?

Henri Sivonen

Apr 20, 2011, 5:28:34 AM
to dev-pl...@lists.mozilla.org
Yesterday, I observed a case where a person was stating his preference
for Chrome while showing a screenshot that had the old Firefox icon. The
new icon debuted all the way back in Firefox 3.5, so he had to have
Firefox 3.0.x (or earlier).

This together with the observation that Firefox 3.0.x still has millions
of active daily users inspires me to ask:

Will Firefox 4.0.1 be offered as a prompted update to Firefox 3.0.x
users who are using a compatible OS (even if they have previously
declined 3.5 and 3.6)?

It would be sad if the remaining 3.0.x users either continued using an
unpatched browser or switched to competing browsers instead of keeping
Firefox up-to-date.

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

Robert Kaiser

Apr 20, 2011, 11:45:28 AM
Henri Sivonen wrote:

> Will Firefox 4.0.1 be offered as a prompted update to Firefox 3.0.x
> users who are using a compatible OS (even if they have previously
> declined 3.5 and 3.6)?

I think the current plan is 3.5 and 3.6 only, but you might be right
that it might make sense to try 3.0 one last time again - though I'm not
sure how much work that would be, both for releng as well as QA.

Robert Kaiser

--
Note that any statements of mine - no matter how passionate - are never
meant to be offensive but very often as food for thought or possible
arguments that we as a community needs answers to. And most of the time,
I even appreciate irony and fun! :)

Christian Legnitto

Apr 20, 2011, 1:33:10 PM
to Robert Kaiser, dev-pl...@lists.mozilla.org
The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.

Christian


David E. Ross

Apr 20, 2011, 3:04:11 PM

Earlier this month, I did a two-week survey of user agents accessing a
sample of my Web pages. Of identified Gecko-based browsers, 4.5% of
"hits" were from Gecko rv:1.8.x (Firefox 1.x or 2.x, SeaMonkey 1.x); and
2.7% were from Gecko rv:1.9.0.x (Firefox 3.0.x). Thus, 7.2% of the
Gecko-based browsers were from Firefox version 3.0.x or earlier and from
SeaMonkey version 1.x.

I found it interesting that almost twice as many hits were from Firefox
1.x or 2.x and SeaMonkey 1.x than from Firefox 3.0.x.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I might filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam from that source.

Asa Dotzler

Apr 20, 2011, 3:47:00 PM
On 4/20/2011 10:33 AM, Christian Legnitto wrote:
> The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.
>
> Christian

I think we should package up a 4.0.1 release as a mandatory security
update for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using
2.0.x or 3.0.x. They are horribly insecure, completely unsupported, are
almost assuredly going to be turned into spambots and are a threat to
the health of the Web and every other user of the Web.

- A

John O'Duinn

Apr 20, 2011, 3:50:41 PM
to Christian Legnitto, dev-pl...@lists.mozilla.org, Robert Kaiser
hi Henri;

Firefox3.0 users can still always do "help->CheckForUpdates" to get
updates. That was our 4th prompted major update to the FF3.0 users, and
remains in place since July2010.

Your friend is so far back, that depending on exactly what version of
Firefox, they may have to do "help->CheckForUpdates" a few times to
reach Firefox4.0. The important point here is that RelEng always makes
sure that users can update to the latest and greatest Firefox.

We do MUs for orphaned groups of users frequently - and as Christian
said, we can (read: will!) revisit who to re-prompt later. Even as far
back as FF2.0.0.x, we would scan back for large groups of users who are
still back on old, less-secure versions of FF1.5.0.x, and re-prompt them
to upgrade. For now, however, it makes more sense to focus scarce
resources on getting the many more FF3.5, FF3.6 users upgraded to FF4.0.

Feel free to raise this again, if you are curious for status, but yes,
it's on our recurring ToDo list.


tc
John.
=====


On 4/20/11 10:33 AM, Christian Legnitto wrote:
> The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.
>
> Christian
>

> On Apr 20, 2011, at 8:45 AM, Robert Kaiser wrote:
>

Kyle Huey

Apr 20, 2011, 3:53:39 PM
to dev-pl...@lists.mozilla.org
On Wed, Apr 20, 2011 at 3:04 PM, David E. Ross <nob...@nowhere.invalid> wrote:

> On 4/20/11 2:28 AM, Henri Sivonen wrote:
> > Yesterday, I observed a case where a person was stating his preference
> > for Chrome while showing a screenshot that had the old Firefox icon. The
> > new icon debuted all the way back in Firefox 3.5, so he had to have
> > Firefox 3.0.x (or earlier).
> >
> > This together with the observation that Firefox 3.0.x still has millions
> > of active daily users inspires me to ask:
> >
> > Will Firefox 4.0.1 be offered as a prompted update to Firefox 3.0.x
> > users who are using a compatible OS (even if they have previously
> > declined 3.5 and 3.6)?
> >
> > It would be sad if the remaining 3.0.x users either continued using an
> > unpatched browser or switched to competing browsers instead of keeping
> > Firefox up-to-date.
> >
>
> Earlier this month, I did a two-week survey of user agents accessing a
> sample of my Web pages. Of identified Gecko-based browsers, 4.5% of
> "hits" were from Gecko rv:1.8.x (Firefox 1.x or 2.x, SeaMonkey 1.x); and
> 2.7% were from Gecko rv:1.9.0.x (Firefox 3.0.x). Thus, 7.2% of the
> Gecko-based browsers were from Firefox version 3.0.x or earlier and from
> SeaMonkey version 1.x.
>
> I found it interesting that almost twice as many hits were from Firefox
> 1.x or 2.x and SeaMonkey 1.x than from Firefox 3.0.x.
>

Do you have data on the operating systems those users are running? IIRC
Gecko 1.8.x was the last version to support Windows 9x, so I would expect
the vast majority of users on Gecko 1.8.x to be running Windows 98 or
something.


> --
>
> David E. Ross
> <http://www.rossde.com/>
>
> On occasion, I might filter and ignore all newsgroup messages
> posted through GoogleGroups via Google's G2/1.0 user agent
> because of spam from that source.


- Kyle

timeless

Apr 20, 2011, 4:22:30 PM
to Asa Dotzler, dev-pl...@lists.mozilla.org
On Wed, Apr 20, 2011 at 3:47 PM, Asa Dotzler <a...@mozilla.com> wrote:
> I think we should package up a 4.0.1 release as a mandatory security update
> for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using 2.0.x or
> 3.0.x. They are horribly insecure, completely unsupported, are almost
> assuredly going to be turned into spambots and are a threat to the health of
> the Web and every other user of the Web.

Sounds great. My sister has a G4 and is waiting for an update to her Firefox 2.

Robert Kaiser

Apr 20, 2011, 5:03:50 PM
John O'Duinn wrote:

> We do MUs for orphaned groups of users frequently - and as Christian
> said, we can (read: will!) revisit who to re-prompt later. Even as far
> back as FF2.0.0.x, we would scan back for large groups of users who are
> still back on old, less-secure versions of FF1.5.0.x, and re-prompt them
> to upgrade. For now, however, it makes more sense to focus scarce
> resources on getting the many more FF3.5, FF3.6 users upgraded to FF4.0.

I actually wonder, in concert with Asa, if we actually should go and
give those on unsupported versions a non-prompted "minor" update (as
long as their hardware/OS is supported with FF4) instead of a prompted
"major" update offer. We should try to do everything we can to "force"
all those users to a supported version that can run it.
People running 3.0 or even older versions are not only risking their
security and privacy every time they use such a build, but threaten
other people due to the significant risk to become part of a botnet that
is used for all kinds of attacks. We should try to actively avoid that,
even if it means changing their Internet experience without asking.

Robert Kaiser

Apr 20, 2011, 5:08:49 PM
Kyle Huey wrote:

> On Wed, Apr 20, 2011 at 3:04 PM, David E. Ross <nob...@nowhere.invalid> wrote:
>> I found it interesting that almost twice as many hits were from Firefox
>> 1.x or 2.x and SeaMonkey 1.x than from Firefox 3.0.x.
>
> Do you have data on the operating systems those users are running? IIRC
> Gecko 1.8.x was the last version to support Windows 9x, so I would expect
> the vast majority of users on Gecko 1.8.x to be running Windows 98 or
> something.

In addition to that, SeaMonkey 1.x didn't ship an update mechanism, so
no way to "help" those users at all - better just forget about them (and
yes, they should get a weekly notification that something newer is
available - we turned that on as soon as SeaMonkey 2.0 was available,
i.e. in late 2009).

We should concentrate on those people we can bring over to something
supported in some way, people on Win9x, PPC Macs or SeaMonkey 1.x
unfortunately are nobody we can help actively.

Christian Legnitto

Apr 20, 2011, 5:29:12 PM
to Robert Kaiser, dev-pl...@lists.mozilla.org

On Apr 20, 2011, at 2:03 PM, Robert Kaiser wrote:

> John O'Duinn wrote:
>> We do MUs for orphaned groups of users frequently - and as Christian
>> said, we can (read: will!) revisit who to re-prompt later. Even as far
>> back as FF2.0.0.x, we would scan back for large groups of users who are
>> still back on old, less-secure versions of FF1.5.0.x, and re-prompt them
>> to upgrade. For now, however, it makes more sense to focus scarce
>> resources on getting the many more FF3.5, FF3.6 users upgraded to FF4.0.
>
> I actually wonder, in concert with Asa, if we actually should go and give those on unsupported versions a non-prompted "minor" update (as long as their hardware/OS is supported with FF4) instead of a prompted "major" update offer. We should try to do everything we can to "force" all those users to a supported version that can run it.
> People running 3.0 or even older versions are not only risking their security and privacy every time they use such a build, but threaten other people due to the significant risk to become part of a botnet that is used for all kinds of attacks. We should try to actively avoid that, even if it means changing their Internet experience without asking.

This is the plan for when we kill 3.5 (polishing up the doc now). We currently have no plan to do it for older releases but we can debate it once the dust has settled around FF4 and FF5.

Christian

Robert Strong

Apr 20, 2011, 5:43:09 PM
to dev-pl...@lists.mozilla.org
On 4/20/2011 2:29 PM, Christian Legnitto wrote:
> On Apr 20, 2011, at 2:03 PM, Robert Kaiser wrote:
>
>> John O'Duinn wrote:
>>> We do MUs for orphaned groups of users frequently - and as Christian
>>> said, we can (read: will!) revisit who to re-prompt later. Even as far
>>> back as FF2.0.0.x, we would scan back for large groups of users who are
>>> still back on old, less-secure versions of FF1.5.0.x, and re-prompt them
>>> to upgrade. For now, however, it makes more sense to focus scarce
>>> resources on getting the many more FF3.5, FF3.6 users upgraded to FF4.0.
>> I actually wonder, in concert with Asa, if we actually should go and give those on unsupported versions a non-prompted "minor" update (as long as their hardware/OS is supported with FF4) instead of a prompted "major" update offer. We should try to do everything we can to "force" all those users to a supported version that can run it.
>> People running 3.0 or even older versions are not only risking their security and privacy every time they use such a build, but threaten other people due to the significant risk to become part of a botnet that is used for all kinds of attacks. We should try to actively avoid that, even if it means changing their Internet experience without asking.
> This is the plan for when we kill 3.5 (polishing up the doc now). We currently have no plan to do it for older releases but we can debate it once the dust has settled around FF4 and FF5.

btw: the extension compatibility check performed by app update is very
broken prior to 3.5 which is something I fixed after taking over app
update (https://bugzilla.mozilla.org/show_bug.cgi?id=324121 for the gory
details). The update behavior when not prompting / ignoring extension
compatibility (e.g. the update snippet is a minor update and the
extension compatibility check is disabled by setting the update's
extension app compatibility version to the user's current app version)
should be heavily tested when you do this. iirc there were cases where
it checked extension compatibility anyway and would show the prompt.

Robert

Asa Dotzler

Apr 20, 2011, 6:25:16 PM

Your sister's PC vendor has abandoned her and so have the vendors of her
most security-sensitive software. She really shouldn't be connecting to
the internet at all. She's a danger to herself and to others.

On a more topical note, I should have said "a mandatory security update
for all supported platforms"

For unsupported platforms, I think we should have a "We cannot secure
this version of Firefox and recommend you uninstall" followed by
instructions or a button to launch the uninstaller.

For the overwhelming majority of users (those on Windows) the default
system browser is more secure and better for the user and the Web. IE 6
is still getting critical security updates (see
http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx for
example which was just released for IE 6 a week ago.)

If we cannot secure a user, that user and the Web are better off if we
either a) force them forward to a current, supported version or b)
uninstall Firefox and push them back to the system browser which is
being secured by its vendor.

- A

David E. Ross

Apr 20, 2011, 8:21:43 PM

Reviewing my raw data, I see that it appears only six distinct users
accessed my Web pages during those two weeks. The UA strings were:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)
Gecko/20060909 Firefox/1.5.0.7

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9)
Gecko/20071025 Firefox/2.0.0.9

Mozilla/5.0 (Windows; U; Win98; en-GB; rv:1.8.1.22) Gecko/20090605
SeaMonkey/1.1.17

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.23) Gecko/20090823
SeaMonkey/1.1.18

Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1) Gecko/20061010
Firefox/2.0

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
Gecko/20070725 Firefox/2.0.0.6

Only one of these is clearly Windows 98. Four could be Windows XP. I'm
not sure about the Linux user since I don't use Linux and thus don't
know what is the current version. Of course, all this could be confused
by spoofing.
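
The tally in the post above (Gecko branch, product and operating system per User-Agent string) can be reproduced with a short script. This is an added example, not part of the original thread: the function names are assumptions, the six strings are the ones quoted in the post with the e-mail line wrapping undone, and the rv:1.9.0.x string is a constructed sample.

```python
import re
from collections import Counter

# The six Gecko rv:1.8.x User-Agent strings quoted in the post above,
# with the e-mail line wrapping undone.
UA_STRINGS = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9",
    "Mozilla/5.0 (Windows; U; Win98; en-GB; rv:1.8.1.22) Gecko/20090605 SeaMonkey/1.1.17",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.23) Gecko/20090823 SeaMonkey/1.1.18",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1) Gecko/20061010 Firefox/2.0",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
]

# Constructed sample (not from the thread) for the rv:1.9.0.x bucket.
CONSTRUCTED_FX30 = (
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) "
    "Gecko/2010031422 Firefox/3.0.19"
)

# Layout of these legacy strings:
#   Mozilla/5.0 (platform; security; OS; language; rv:X) Gecko/BUILD Product/Version
UA_RE = re.compile(
    r"^Mozilla/5\.0 \((?P<platform>[^)]*)\)\s+"
    r"Gecko/(?P<build>\d{8,10})\s+"
    r"(?P<product>[A-Za-z]+)/(?P<version>\d+(?:\.\d+)*)"
)
RV_RE = re.compile(r"rv:(\d+(?:\.\d+)*)")


def gecko_family(rv):
    """Map an rv tuple to the buckets used in the thread.

    rv:1.8.x   -> Firefox 1.x or 2.x, SeaMonkey 1.x
    rv:1.9.0.x -> Firefox 3.0.x
    """
    padded = (tuple(rv) + (0, 0))[:3]  # treat "1.9" the same as "1.9.0"
    if padded[:2] == (1, 8):
        return "1.8.x"
    if padded == (1, 9, 0):
        return "1.9.0.x"
    return "other"


def parse_gecko_ua(ua):
    """Return a dict for a legacy Gecko UA string, or None if it does not parse.

    Blank and non-Gecko strings return None so the caller can count them
    separately instead of guessing.
    """
    m = UA_RE.match((ua or "").strip())
    if m is None:
        return None
    fields = [f.strip() for f in m.group("platform").split(";")]
    rv_match = RV_RE.search(m.group("platform"))
    if rv_match is None or len(fields) < 3:
        return None
    rv = tuple(int(p) for p in rv_match.group(1).split("."))
    return {
        "os": fields[2],          # raw OS token, e.g. "Windows NT 5.1" or "Win98"
        "rv": rv,
        "family": gecko_family(rv),
        "product": m.group("product"),
        "version": m.group("version"),
    }


def summarize(ua_strings):
    """Count hits per Gecko family, OS token and product.

    The User-Agent header is self-reported; as the post notes, spoofing
    can skew these counts.
    """
    families, systems, products = Counter(), Counter(), Counter()
    unparsed = 0
    for ua in ua_strings:
        rec = parse_gecko_ua(ua)
        if rec is None:
            unparsed += 1
            continue
        families[rec["family"]] += 1
        systems[rec["os"]] += 1
        products[rec["product"]] += 1
    return {
        "family": dict(families),
        "os": dict(systems),
        "product": dict(products),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(UA_STRINGS + [CONSTRUCTED_FX30, ""])
    for key, value in report.items():
        print(key, value)
```
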

Henri Sivonen

Apr 21, 2011, 4:22:26 AM
to dev-pl...@lists.mozilla.org
On Wed, 2011-04-20 at 12:50 -0700, John O'Duinn wrote:
> We do MUs for orphaned groups of users frequently - and as Christian
> said, we can (read: will!) revisit who to re-prompt later.
...

> but yes, it's on our recurring ToDo list.

Cool. Thanks!

On Wed, 2011-04-20 at 15:25 -0700, Asa Dotzler wrote:
> On 4/20/2011 1:22 PM, timeless wrote:
> > On Wed, Apr 20, 2011 at 3:47 PM, Asa Dotzler<a...@mozilla.com> wrote:
> >> I think we should package up a 4.0.1 release as a mandatory security update
> >> for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using 2.0.x or
> >> 3.0.x. They are horribly insecure, completely unsupported, are almost
> >> assuredly going to be turned into spambots and are a threat to the health of
> >> the Web and every other user of the Web.
> >
> > Sounds great. My sister has a G4 and is waiting for an update to her Firefox 2.
>
> Your sister's PC vendor has abandoned her

Has Apple really abandoned Leopard users as far as security patches go?
It's annoying that Apple is never clear on product EOL. Note that
Mozilla supports Firefox 4 for Intel Leopard. (Mozilla also ships
Firefox to non-latest Android releases and those are also
Internet-connected *nix systems without the latest patches.)

> and so have the vendors of her most security-sensitive software.

Adobe stopping Flash updates is indeed scary.

> She really shouldn't be connecting to
> the internet at all. She's a danger to herself and to others.

I think you haven't really substantiated the danger here. If a person is
running PPC Leopard with the latest point release of Firefox 3.6 or
TenFourFox with FlashBlock enabled (and random old plug-ins disabled),
is there any evidence of her being a danger to herself or to others?

Also, http://www.mozilla.org/projects/ lists Camino, which is still
running the engine that was in Firefox 3.0.

After Firefox 4 was released, I migrated my parents off Camino (to
Firefox 4 on their Intel Macs and to TenFourFox on their PPC Macs). I
think the right and nice thing to do would be making PPC Firefox users
aware of the existence of TenFourFox even if Mozilla Corporation doesn't
have an autoupdate target for PPC users.

Boris Zbarsky

Apr 21, 2011, 8:32:32 AM
On 4/21/11 4:22 AM, Henri Sivonen wrote:
> On Wed, 2011-04-20 at 15:25 -0700, Asa Dotzler wrote:
>> On 4/20/2011 1:22 PM, timeless wrote:
>>> Sounds great. My sister has a G4 and is waiting for an update to her Firefox 2.
>>
>> Your sister's PC vendor has abandoned her
>
> Has Apple really abandoned Leopard users as far as security patches go?

Leopard, no.

Note that Leopard doesn't run on all G4s, though....

-Boris

Robert Kaiser

Apr 21, 2011, 9:53:03 AM
David E. Ross wrote:

> Reviewing my raw data, I see that it appears only six distinct users
> accessed my Web pages during those two weeks.

So - sorry to say that - not a really interesting or representative
sample. And all of those have at least some updates available to them
and ignored that. Those are users we should force to upgrade or make
hard to even use those versions of our software any more, IMHO, given
the security risk.

We need to allow running any old version for testing purposes (hopefully
in reasonably sandboxed environments) but we should make it really hard
if not impossible to use them for production.

David E. Ross

Apr 21, 2011, 11:56:35 AM
On 4/21/11 6:53 AM, Robert Kaiser wrote:
> David E. Ross wrote:
>> Reviewing my raw data, I see that it appears only six distinct users
>> accessed my Web pages during those two weeks.
>
> So - sorry to say that - not a really interesting or representative
> sample. And all of those have at least some updates available to them
> and ignored that. Those are users we should force to upgrade or make
> hard to even use those versions of our software any more, IMHO, given
> the security risk.
>
> We need to allow running any old version for testing purposes (hopefully
> in reasonably sandboxed environments) but we should make it really hard
> if not impossible to use them for production.
>
> Robert Kaiser
>

What I meant to write was that only six distinct USERS OF GECKO 1.8.x
accessed my Web pages during those two weeks. I had over 1,600 "hits"
from Gecko, IE (5, 6, 7, 8, and 9), Safari, Chrome, Opera, various
mobiles, Wget, and 19 different bots. I also had 2-3 "hits" that
presented blank UA strings.

Wes Garland

Apr 21, 2011, 12:57:32 PM
to timeless, dev-pl...@lists.mozilla.org, Asa Dotzler
On 20 April 2011 16:22, timeless <time...@gmail.com> wrote:

>
> Sounds great. My sister has a G4 and is waiting for an update to her
> Firefox 2.
>

:P

Has your sister seen ten-four fox? One of my developers runs it on his
ancient PPC MacBook and is happy with it.

http://www.floodgap.com/software/tenfourfox/

Wes

--
Wesley W. Garland
Director, Product Development
PageMail, Inc.
+1 613 542 2787 x 102

Mike Hommey

Apr 21, 2011, 1:04:18 PM
to Wes Garland, timeless, dev-pl...@lists.mozilla.org, Asa Dotzler
On Thu, Apr 21, 2011 at 12:57:32PM -0400, Wes Garland wrote:
> On 20 April 2011 16:22, timeless <time...@gmail.com> wrote:
>
> >
> > Sounds great. My sister has a G4 and is waiting for an update to her
> > Firefox 2.
> >
>
> :P
>
> Has your sister seen ten-four fox? One of my developers runs it on his
> ancient PPC MacBook and is happy with it.
>
> http://www.floodgap.com/software/tenfourfox/

While speaking of TenFourFox, is there any particular reason why we
couldn't have them contribute like the OS/2 and solaris people,
including providing binaries in the contrib directories on our ftp
archive?

Mike

Christian Legnitto

Apr 21, 2011, 1:09:26 PM
to Mike Hommey, Wes Garland, dev-pl...@lists.mozilla.org, Asa Dotzler, timeless

Not sure. I know the PPC nanojit stuff is bug 624164 though (and I believe Cameron is the main force behind TenFourFox).

Thanks,
Christian

Steve Wendt

Apr 21, 2011, 1:44:00 PM
On 4/21/2011 10:04 AM, Mike Hommey wrote:

> While speaking of TenFourFox, is there any particular reason why we
> couldn't have them contribute like the OS/2 and solaris people,
> including providing binaries in the contrib directories on our ftp
> archive?

I know in the past, there were concerns about OS/2 builds that had
out-of-tree patches; that's why there were the official builds, and then
there were separate enhanced builds:
http://pmw-warpzilla.sourceforge.net/
http://pmw-warpzilla.sourceforge.net/no_PmW-Fx3.html

I know that branding was at least one of the concerns (hence Peter had
PmW-Fx and PmW-Tb). If that's the only real concern, could TenFourFox
builds be in the contrib directory, even if they aren't called "Firefox"?

Wes Garland

Apr 21, 2011, 1:43:40 PM
to Mike Hommey, timeless, dev-pl...@lists.mozilla.org, Asa Dotzler
On 21 April 2011 13:04, Mike Hommey <mh+mo...@glandium.org> wrote:

> While speaking of TenFourFox, is there any particular reason why we
> couldn't have them contribute like the OS/2 and solaris people,
> including providing binaries in the contrib directories on our ftp
> archive?
>

While speaking of contrib builds, is there any way to make them more
accessible to the general public?

When I want to download firefox 4 for a sun box, I want to go to "
getfirefox.com", then click on "Other systems and languages", and see an
option like "contrib builds".

Instead, I have to google "Firefox release notes" (and I only know this
because I was told about it in bug
503318<https://bugzilla.mozilla.org/show_bug.cgi?id=503318>),
then click on the google link, go to the releases page, click on "Firefox
3.6", edit the URL so it says "4.0" and then click on the link "Contrib
Builds".

If you think I'm whining about nothing -- go to "getfirefox.com" and try to
download Firefox 4 for Solaris using nothing but a mouse and what you see
on the screen. It's a downright hostile user experience. In fact, it might
not even be possible.

Steve Wendt

Apr 21, 2011, 2:03:54 PM
On 4/21/2011 10:43 AM, Wes Garland wrote:

> When I want to download firefox 4 for a sun box, I want to go to "
> getfirefox.com", then click on "Other systems and languages", and see an
> option like "contrib builds".

Seamonkey does better in this respect, but even there, the contributed
builds section frequently does not get updated. That is why I long ago
stopped using the "friendly" web interfaces, and just go to:
http://releases.mozilla.org/pub/mozilla.org/.../contrib/

But that is obviously not ideal...

Asa Dotzler

Apr 21, 2011, 4:03:55 PM
On 4/21/2011 1:22 AM, Henri Sivonen wrote:

>> She really shouldn't be connecting to
>> the internet at all. She's a danger to herself and to others.
>
> I think you haven't really substantiated the danger here. If a person is
> running PPC Leopard with the latest point release of Firefox 3.6

First, I don't care much about the maybe hundreds of people on PPC
Leopard Firefox. I just used that post as a jumping off point to talk
about more substantial volumes of users.

I do care about the 8 million or so Windows users who are on Firefox
2.0.x, 3.0.x, and the hundreds of millions of people on Firefox 3.5.x,
and 3.6.x.

Today I care most about the 2.0.x and 3.0.x users who do not and have
not for some time been getting security updates from Mozilla. There are
almost ten million of them and they are in danger and they are a danger
to the Web and I believe they absolutely would be better off on IE 6 if
we cannot find a way to get them to a supported Firefox release.

I think before we try to move them back to IE, we should actually give
them the security update for Firefox 2.0.x and 3.0.x that is available
today with a Firefox 4 update (or maybe wait a bit and give them 5). It
should be an unprompted security update that happens to come with some
new non-security features. If they've disabled unprompted security
updates, then they are kind of lost to us and I think we should use what
ever other channels we have (start page, the press, our army of awesome)
to push them to go back to IE where they can still get security updates
from Microsoft.

I'm further asserting that beyond the already unsupported versions of
Firefox (2.0.x and 3.0.x) that we cannot support the latest point
release of Firefox 3.5 plus the latest point release of Firefox 3.6 plus
the latest point release of Firefox 4.0 plus the latest point release of
Firefox 5 plus the latest point release of Firefox 6 etc., etc.

If it is the case that we're going to keep with the new plan and ship
every 3 months, we simply cannot make the same promises we did in the
past about 6 months of support for previous version after new version is
released.

I propose, therefore, that we take this opportunity to stop supporting
all older versions and mandate upgrades to newer versions. I further
propose that for those users on versions that become unsupported, and
who will not, for whatever reason, move forward to a supported Firefox
version, that we do help users get back to IE 6/7/8/9/whatever by what
ever means we have available, including (we'd have to add the feature)
disabling Firefox completely.

- A

Steve Wendt

Apr 21, 2011, 4:26:29 PM
On 4/21/2011 1:03 PM, Asa Dotzler wrote:

> that we do help users get back to IE 6/7/8/9/whatever by what
> ever means we have available, including (we'd have to add the feature)
> disabling Firefox completely.

If you fully remove choice from the user, why should that user ever
trust you again for a newer version? Lots of warnings and prompts are
one thing, but full removal of choice is patronizing.

Here's one scenario: somebody has a pet bug that first showed up in
Firefox 3.6.x, which makes it unusable in their situation. They even
reported the bug, but fixing it has been prioritized down to "someday we
will look into that again." You go and kill their Firefox 3.5.x, which
is working nicely for them, and they become disenfranchised. The bug
finally gets resolved in Firefox 7, but that user hates Firefox now,
because you screwed him over.

Asa Dotzler

Apr 21, 2011, 5:35:08 PM

My argument is that during the time between when that user became
unsupported (stopped receiving Firefox security updates) and when that
user decides to upgrade to a new version of Firefox, that user shouldn't
be using Firefox.

An unsupported (no longer receiving security updates) version of Firefox
is less secure for that user and for the Web at large than even IE 6.
Not only is it less secure, but the bad guys know exactly how to target
it (because we've told them the flaws we've fixed in newer versions
which are often still present in your older unfixed version) and the
chances of your computer being infected via that insecure browser
version skyrocket.

I don't believe that users have the ultimate right to become bots that
spam or attack others on the Web. I think of it a lot like I think of
public health. You do not have the right to get on an airplane with
tuberculosis because of the potential to cause harm to your fellow
passengers. Hospitals are available to treat you and you should avail
yourself of their services before going out in public and potentially
infect others. Not doing so is simply wrong and a civil society should
not tolerate that.

The Web is a public space and you and your computer are in that public
space. Having an infected computer on the Web, deliberately or not, is
not OK.

Mozilla provides you with a free secure version of a great browser but
when that version is no longer secure and you refuse to upgrade to a
newer (and still free) secure version, you are now using a dangerous
piece of software that can not only harm you, but harm millions of other
people on the Web. I think Mozilla should be able to pull the plug on
that bad software so that it does not cause harm to the rest of the Web.

I'm sure not many others see it this way, and I don't expect this
argument to persuade everyone, but I'm absolutely serious and sincere
in making it. I firmly believe that this is a public health issue and
sometimes public health issues trump individual liberty.

- A

David Ascher

Apr 21, 2011, 5:50:13 PM
to Asa Dotzler, dev-pl...@lists.mozilla.org

> My argument is that during the time between when that user became
> unsupported (stopped receiving Firefox security updates) and when that
> user decides to upgrade to a new version of Firefox, that user shouldn't
> be using Firefox.

Yeah, but you're using your value system (which values security very
highly) to decide what the user should do, regardless of any other
value system, including the user's, the user's network administrator,
the user's ISP, government, parents, etc.

I don't think any absolutist point of view is appropriate here.
Safety, user choice, open source, various notions of freedom, UX,
localization, various jurisdictional concerns (from parents through
network administrators and ISPs all the way to governments) all
conflict in various exciting ways.

--da

Ron Hunter

Apr 21, 2011, 6:07:19 PM

I understand your points, but I disagree with one statement. NO ONE is
better off with IE6 than ANY Firefox version. Even Microsoft agrees
with that.
As for supporting old versions...
Going to an update or else setup would cause a lot of negative
response from users. Further, updating to a newer version under the
guise of a 'security update' would probably be considered less than
honest by most users.
Just some things to think on.

Asa Dotzler

Apr 21, 2011, 6:16:32 PM
On 4/21/2011 3:07 PM, Ron Hunter wrote:

> I understand your points, but I disagree with one statement. NO ONE is
> better off with IE6 than ANY Firefox version. Even Microsoft agrees with
> that.

Microsoft just released a major security patchset for IE 6 last Tuesday.
Microsoft still supports IE 6. Mozilla does not support Firefox 1.0,
Firefox 1.5, Firefox 2, and Firefox 3. IMO, those users are absolutely
better off on IE 6.

> Further, updating to a newer version under the guise of a
> 'security update' would probably be considered less than honest by most
> users.

But it is a security update. There's absolutely no dishonesty there at
all. The minute we fix a critical security bug in a newer version that
we don't fix in an affected older version, then the newer version is a
security update. We currently don't deploy it as an "unprompted update"
like we do other security updates, but you simply cannot argue that it
is not a security update.

- A

Asa Dotzler

Apr 21, 2011, 6:20:41 PM
On 4/21/2011 2:50 PM, David Ascher wrote:
>
>> My argument is that during the time between when that user became
>> unsupported (stopped receiving Firefox security updates) and when that
>> user decides to upgrade to a new version of Firefox, that user
>> shouldn't be using Firefox.
>
> Yeah, but you're using your value system (which values security very
> highly) to decide what the user should do, regardless of any other value
> system, including the user's, the user's network administrator, the
> user's ISP, government, parents, etc.

It's not just my value system that places a high importance on security.
A minimal level of security is a fundamental requirement for the Web to
function. Anyone who doesn't put a high importance on security isn't
thinking about it very seriously. I'm OK with that, though. Most people
don't have to think about that because they've got experts (their
software vendors like us) who have the responsibility to think about it
on their behalf.

- A


Patrick Finch

Apr 21, 2011, 6:27:28 PM
to Asa Dotzler, dev-pl...@lists.mozilla.org


The point about user perception probably stands anyway: whether or not
it's honest, there's a good chance it won't be perceived as such.
Possibly a different issue, but still an issue.

Patrick



--
Patrick Finch
Mozilla
pat...@mozilla.com
Mobile: +46 768 444 833
Office: +1 650 903 0800 ext. 340
Twitter: @patrickf
IM: patric...@gmail.com

Daniel Cater

Apr 21, 2011, 7:04:34 PM
to a...@mozilla.com
The people that lead the product have to realise that decisions they make about features and user interface can lead to users being vulnerable to security threats, not because of code issues, but because their workflow got so messed up that they turn down the upgrade (because they've used it on another computer, or because they've been warned about it by someone they trust on computer issues). Some might even downgrade by uninstalling and reinstalling the old version.

I think Mozilla is falling out of touch with a large part of its audience, and doing things like killing the uninstaller survey doesn't help. An optional feedback mechanism for people who click the "Never" button in the upgrade dialog would help.

Once 4.0.1 gets pushed as a major update, this problem will get worse. People will downgrade and people will tell their parents to click "Never" when it pops up.

Philip Chee

Apr 21, 2011, 8:39:24 PM
On Wed, 20 Apr 2011 15:22:35 -0500, timeless wrote:
> On Wed, Apr 20, 2011 at 3:47 PM, Asa Dotzler <a...@mozilla.com> wrote:
>> I think we should package up a 4.0.1 release as a mandatory security update
>> for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using 2.0.x or
>> 3.0.x. They are horribly insecure, completely unsupported, are almost
>> assuredly going to be turned into spambots and are a threat to the health of
>> the Web and every other user of the Web.
>
> Sounds great. My sister has a G4 and is waiting for an update to her Firefox 2.

Why wait?

<http://www.floodgap.com/software/tenfourfox/>

Versions available for G3, G4, and G5 processors.

Phil

--
-==-
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]T'greatest griefs are those we cause ourselves. Sophocles
* TagZilla 0.066.6

Philip Chee

Apr 21, 2011, 8:45:53 PM
On Wed, 20 Apr 2011 23:03:50 +0200, Robert Kaiser wrote:
> John O'Duinn schrieb:
>> We do MUs for orphaned groups of users frequently - and as Christian
>> said, we can (read: will!) revisit who to re-prompt later. Even as far
>> back as FF2.0.0.x, we would scan back for large groups of users who are
>> still back on old, less-secure versions of FF1.5.0.x, and re-prompt them
>> to upgrade. For now, however, it makes more sense to focus scarce
> resources on getting the many more FF3.5, FF3.6 users upgraded to FF4.0.
>
> I actually wonder, in concert with Asa, if we actually should go and
> give those on unsupported versions a non-prompted "minor" update (as
> long as their hardware/OS is supported with FF4) instead of a prompted
> "major" update offer. We should try to do everything we can to "force"
> all those users to a supported version that can run it.
> People running 3.0 or even older versions are not only risking their
> security and privacy every time they use such a build, but threaten
> other people due to the significant risk to become part of a botnet that
> is used for all kinds of attacks. We should try to actively avoid that,
> even if it means changing their Internet experience without asking.
>
> Robert Kaiser

As far as I know, those on Firefox 3.0 (or Thunderbird 2.0) who can but
who refuse to upgrade are refusing for philosophical or ideological
reasons. If a mandatory upgrade occurs, they would simply restore from
backup or reinstall from a saved copy of the 3.0 installer.

There are even people who refuse to upgrade SeaMonkey beyond 2.1b1
because of objections to changes made by you and me in subsequent betas.

And I know someone in the support firefox forums who is remaining on one
of the Firefox 4.0 betas permanently because of some change or other in
later betas.

Phil

--

Philip Chee

Apr 21, 2011, 8:50:40 PM

They aren't stock Firefox 4.0 due to adaptations needed for the older
PPC processors and hence can't use the Firefox branding.

Ron Hunter

Apr 21, 2011, 9:24:53 PM
No, but then I still think users might find this a bit less than 'open',
you know, like 'open source'? The mentality of someone who hasn't
updated his software in that long is not likely to be the kind who will
welcome this kind of 'help'.

Ron Hunter

Apr 21, 2011, 9:26:17 PM
Think about it, write it, offer it, but don't force it. There will be a
backlash.
An attempt at education might be in order, but I don't know how to
implement that.

Robert Kaiser

Apr 21, 2011, 9:59:48 PM
Philip Chee schrieb:

> There are even people who refuse to upgrade SeaMonkey beyond 2.1b1
> because of objections to changes made by you and me in subsequent betas.

In that case (and the same for Firefox), they should abandon our
products and at least move to something that is supported with security
updates. I don't care if that's SeaMonkey 2.0, 2.1, a new enough
Firefox, IE, Safari, Chrome, Opera or whatever. I absolutely agree with
Asa that we should not have people out there who are endangering their
surroundings by becoming members of a botnet - and anyone who refuses to
use browsers with security updates but uses the web does endanger his/her
surroundings in that way.

As I said in a different message already, it needs to be possible to
test our old software to find out problems, regressions, etc. but we
should make regular use of old unsupported versions as hard as possible,
ideally upgrade people as silently as possible to supported versions.

If people don't agree with our decisions in our supported versions, they
need to switch to some other product that is supported for security,
abandon the Internet completely, or develop their own variant (or
add-on) that does what they want on the base of a supported product.

Asa Dotzler

Apr 21, 2011, 10:31:44 PM
On 4/21/2011 6:24 PM, Ron Hunter wrote:

> No, but then I still think users might find this a bit less than 'open',
> you know, like 'open source'? The mentality of someone who hasn't
> updated his software in that long is not likely to be the kind who will
> welcome this kind of 'help'.

I have no idea what you think open source has to do with this. Firefox
has always been and will be for the foreseeable future available under
an open source license.

Also, your assertion that these people haven't updated software is just
plain wrong. Most of these people *were* updating their Mozilla software
every six weeks or so -- every time we pushed out a security and
stability update. We stopped doing that, leaving them on old and
insecure versions of Firefox and I'm proposing that we pick that back up
and push out another round of security and stability updates for these
users.

- A

Boris Zbarsky

Apr 21, 2011, 11:27:58 PM
On 4/21/11 10:31 PM, Asa Dotzler wrote:
> I'm proposing that we pick that back up
> and push out another round of security and stability updates for these
> users.

This would be a lot easier to do if it weren't for the "omg, it's all
different" factor involved....

-Boris, who just spent part of last weekend doing things like turning
the menu back on and looking for a way to turn off glass for a Firefox
user who had updated to Fx4 on Windows 7 and was freaked out as a result.

Asa Dotzler

Apr 22, 2011, 12:06:51 AM

It's not as bad for most of our users on old versions because they're on
XP. Firefox 4 (and 5) on XP does not default to the new menu arrangement
so it's mostly just "tabs on top".

But yes, it is going to be hard for a lot of those users. OMG Change! is
a legitimate problem. It will result in user frustration. It will result
in user dissatisfaction. It will result in users abandoning Firefox. But
I don't think that should stop us from doing the right thing for those
users to ensure that as many of them as possible are on secure browsers.

- A

Robert Strong

Apr 22, 2011, 12:45:01 AM
to dev-pl...@lists.mozilla.org
On 4/21/2011 9:06 PM, Asa Dotzler wrote:
> On 4/21/2011 8:27 PM, Boris Zbarsky wrote:
>> On 4/21/11 10:31 PM, Asa Dotzler wrote:
>>> I'm proposing that we pick that back up
>>> and push out another round of security and stability updates for these
>>> users.
>>
>> This would be a lot easier to do if it weren't for the "omg, it's all
>> different" factor involved....
>>
>> -Boris, who just spent part of last weekend doing things like turning
>> the menu back on and looking for a way to turn off glass for a Firefox
>> user who had updated to Fx4 on Windows 7 and was freaked out as a
>> result.
>
> It's not as bad for most of our users on old versions because they're
> on XP. Firefox 4 (and 5) on XP does not default to the new menu
> arrangement so it's mostly just "tabs on top".

Looking at raw Firefox 2 and Firefox 3 blocklist pings over the 30 days
we have had 738498 pings for Windows 7 and 6234778 pings for Windows XP

Robert

Asa Dotzler

Apr 22, 2011, 1:10:37 AM


I think that ratio definitely supports the case for packaging up a
contemporary Firefox release as an unprompted update for Firefox 2 and 3
users. The OMG Change factor will be much less extreme than we suppose
(given our bias to thinking only about Windows 7) for the overwhelming
majority of those users and they are the ones on the most at-risk
Firefox versions.

- A


Robert Strong

Apr 22, 2011, 1:14:19 AM
to dev-pl...@lists.mozilla.org
On 4/21/2011 9:45 PM, Robert Strong wrote:
> On 4/21/2011 9:06 PM, Asa Dotzler wrote:
>> On 4/21/2011 8:27 PM, Boris Zbarsky wrote:
>>> On 4/21/11 10:31 PM, Asa Dotzler wrote:
>>>> I'm proposing that we pick that back up
>>>> and push out another round of security and stability updates for these
>>>> users.
>>>
>>> This would be a lot easier to do if it weren't for the "omg, it's all
>>> different" factor involved....
>>>
>>> -Boris, who just spent part of last weekend doing things like turning
>>> the menu back on and looking for a way to turn off glass for a Firefox
>>> user who had updated to Fx4 on Windows 7 and was freaked out as a
>>> result.
>>
>> It's not as bad for most of our users on old versions because they're
>> on XP. Firefox 4 (and 5) on XP does not default to the new menu
>> arrangement so it's mostly just "tabs on top".
>
> Looking at raw Firefox 2 and Firefox 3 blocklist pings over the 30
> days we have had 738498 pings for Windows 7 and 6234778 pings for
> Windows XP
I should have included Win2K and WinVista numbers along with separating
the blocklist pings for the last 30 days by Firefox version so it is
easier to see the distribution, etc.

            Win2K    WinXP  WinVista    Win7
Firefox 2      26     1527        42      92
Firefox 3   61029  6233251    379960  738406

Cheers,
Robert

Ron Hunter

Apr 22, 2011, 4:08:35 AM
I hope you are right, but suspect the opposite. I think the idea is
good, but it will cause some users to be really unhappy about having
their comfortable old shoes replaced with new ones. Some people just
abhor change, and those are the ones we are talking about. That it is
for their own good, and the good of the community as a whole, really
won't occur to them.

David Illsley

Apr 22, 2011, 6:14:25 AM
<snip>

> My argument is that during the time between when that user became
> unsupported (stopped receiving Firefox security updates) and when that
> user decides to upgrade to a new version of Firefox, that user shouldn't
> be using Firefox.
>
> An unsupported (no longer receiving security updates) version of Firefox
> is less secure for that user and for the Web at large than even IE 6.
> Not only is it less secure, but the bad guys know exactly how to target
> it (because we've told them the flaws we've fixed in newer versions
> which are often still present in your older unfixed version) and the
> chances of your computer being infected via that insecure browser
> version skyrocket.
>
> I don't believe that users have the ultimate right to become bots that
> spam or attack others on the Web. I think of it a lot like I think of
> public health. You do not have the right to get on an airplane with
> tuberculosis because of the potential to cause harm to your fellow
> passengers. Hospitals are available to treat you and you should avail
> yourself of their services before going out in public and potentially
> infect others. Not doing so is simply wrong and a civil society should
> not tolerate that.

IMO this analogy is a poor one... you don't have the right to get on
the plane, but equally, the attendant checking your boarding pass when
you get on doesn't have the right to give you an involuntary
inoculation because you look sick.

> The Web is a public space and you and your computer are in that public
> space. Having an infected computer on the Web, deliberately or not, is
> not OK.

In the physical world, there would be a refusal of access, not an
enforced treatment.

> Mozilla provides you with a free secure version of a great browser but
> when that version is no longer secure and you refuse to upgrade to a
> newer (and still free) secure version, you are now using a dangerous
> piece of software that can not only harm you, but harm millions of other
> people on the Web. I think Mozilla should be able to pull the plug on
> that bad software so that it does not cause harm to the rest of the Web.

Simply shipping a silent 3.0.x update which kills the browser at a
specified date in the future unless you voluntarily update to >= 3.5
is a more direct parallel of 'pulling the plug' than forcing an
upgrade (and giving the user at least a couple of weeks warning is a
lot more friendly).

Elsewhere in the thread, there's been discussion that there are other
browsers which would also be an improvement for people on 3.0... It's
worth considering if future messaging to people on back-level versions
mentions that. A MU pop-up which said that we're so concerned about
your security that we'd encourage you to look elsewhere if necessary
might be a real jolt to a lot of people. (As might re-advertising very
frequently).

There's been little discussion of the possibility that the 10-15?
million users on 3.0.x might be there for good reasons, and that
forcibly bumping them to 4.x might cause them serious problems - If
I'm stuck on Fx3.0.x because of having to use exampleCorp CRM 3.5.4
which has a hard Fx3.0.x dependency, then suddenly losing access to my
system one morning might cause me actual financial loss. In that kind
of scenario, I might even be using Fx3.0.x exclusively for that one
site, so my security exposure is really low. (I've been in a similar
situation to that in the past where I've used IE6 for access to a
single system).

I'm also intrigued if there's a way to know how many of these back-
level users may have auto-updates turned off by corporate
administrators - I seem to remember my employer-provided Firefox in
the 3.0.x timescale had auto-updates from mozilla.org turned off. Is
there a way to compare blocklist pings and update check logs to work
this out?

If a low proportion of the back-level users would actually see the
forced update, I'd be very skeptical that it would be worth the
inevitable backlash.

>
> I'm sure not many others see it this way, and I don't expect this
> argument to persuade everyone, but I'm absolutely serious and sincere
> in making it. I firmly believe that this is a public health issue and
> sometimes public health issues trump individual liberty.

Sure. To me this is a tension between Principles 4 and 5 in the
Manifesto [1].

4. Individuals' security on the Internet is fundamental and cannot be
treated as optional.
5. Individuals must have the ability to shape their own experiences on
the Internet.

I do think both are important, but don't think one obviously trumps
another, so I think it's important to find a way to satisfy 4 without
trampling all over 5.
David

[1] http://www.mozilla.org/about/manifesto.en.html

Daniel Cater

Apr 22, 2011, 8:29:50 AM
to a...@mozilla.com
Note that I didn't mean to imply that no-one is taking these things into consideration, nor to single out the product leads.

I just think that it should be given more weight when coming up with new designs and features and that *everyone* should be thinking about this kind of impact, not just the people who lead the product.

Apologies to anyone who felt unfairly insulted.

Boris Zbarsky

Apr 22, 2011, 12:29:01 PM
On 4/22/11 6:14 AM, David Illsley wrote:
> Elsewhere in the thread, there's been discussion that there are other
> browsers which would also be an improvement for people on 3.0... It's
> worth considering if future messaging to people on back-level versions
> mentions that. A MU pop-up which said that we're so concerned about
> your security that we'd encourage you to look elsewhere if necessary
> might be a real jolt to a lot of people.

For what it's worth, I think this is a _very_ good idea.

-Boris

David E. Ross

Apr 22, 2011, 2:27:03 PM
On 4/20/11 12:47 PM, Asa Dotzler wrote:
> On 4/20/2011 10:33 AM, Christian Legnitto wrote:
>> The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.
>>
>> Christian

>
> I think we should package up a 4.0.1 release as a mandatory security
> update for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using
> 2.0.x or 3.0.x. They are horribly insecure, completely unsupported, are
> almost assuredly going to be turned into spambots and are a threat to
> the health of the Web and every other user of the Web.
>
> - A

Any update forced upon me when I have set my preferences to prohibit
such updates will result in a criminal complaint under U.S. law. There
are federal laws against unwelcome tampering with someone else's computer.

You can let me know about updates and offer them to me. But the law
requires that you allow me the option to decide whether or not to accept
such updates.

--

David E. Ross
<http://www.rossde.com/>

On occasion, I might filter and ignore all newsgroup messages
posted through GoogleGroups via Google's G2/1.0 user agent
because of spam from that source.

Christian Legnitto

Apr 22, 2011, 2:51:02 PM
to Boris Zbarsky, dev-pl...@lists.mozilla.org

We did something similar for 3.0 already:

https://bugzilla.mozilla.org/show_bug.cgi?id=624620 - "Scary" google homepage snippets
https://bugzilla.mozilla.org/show_bug.cgi?id=609085 - "Scary" update offer

We start with the carrot ("upgrade to this new release, it's awesome!"), end with the stick ("you are insecure, update now!").

If we're going to do it again, why would we tell them to look elsewhere? We have to do all that work to do the prompt, we'd just offer them a newer version of Firefox.

Again, there is cost to doing this for any release < 3.5 as QA's update testing isn't automated for those versions. We WILL loop back around on this for < 3.5 but we're more focused on how to handle 3.5's impending EOL currently.

Christian

Robert Strong

Apr 22, 2011, 2:50:53 PM
to dev-pl...@lists.mozilla.org
On 4/22/2011 11:27 AM, David E. Ross wrote:
> On 4/20/11 12:47 PM, Asa Dotzler wrote:
>> On 4/20/2011 10:33 AM, Christian Legnitto wrote:
>>> The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.
>>>
>>> Christian
>> I think we should package up a 4.0.1 release as a mandatory security
>> update for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using
>> 2.0.x or 3.0.x. They are horribly insecure, completely unsupported, are
>> almost assuredly going to be turned into spambots and are a threat to
>> the health of the Web and every other user of the Web.
>>
>> - A
> Any update forced upon me when I have set my preferences to prohibit
> such updates will result in a criminal complaint under U.S. law. There
> are federal laws against unwelcome tampering with someone else's computer.
>
> You can let me know about updates and offer them to me. But the law
> requires that you allow me the option to decide whether or not to accept
> such updates.
There is no such ability to force a user that has explicitly set updates
to always prompt. As a matter of fact, we always prompt for major
updates even if the user has selected to just download and apply the
update prior to Firefox 4. As of Firefox 4 the Firefox drivers can
choose to actually respect this preference for both major and minor
updates. This way if the product drivers believe the user needs to
consent prior to downloading and applying an update they can. To be
abundantly clear... what you are concerned about is not possible.

btw: keep in mind that the terms major and minor are just metadata and
are used by the client prior to Firefox 4 to force prompting for major
updates.

Robert

Christian Legnitto

Apr 22, 2011, 2:56:50 PM
to David E. Ross, dev-pl...@lists.mozilla.org

On Apr 22, 2011, at 11:27 AM, David E. Ross wrote:

> On 4/20/11 12:47 PM, Asa Dotzler wrote:
>> On 4/20/2011 10:33 AM, Christian Legnitto wrote:
>>> The plan is to only do 3.6 and 3.5. Users on 3.0 have ignored the 3.6 prompt many times and QA's testing for 3.0 MUs are 100% manual. We might go back and do the 3.0 prompt if we have the resources but we aren't planning to do so currently.
>>>
>>> Christian
>>
>> I think we should package up a 4.0.1 release as a mandatory security
>> update for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using
>> 2.0.x or 3.0.x. They are horribly insecure, completely unsupported, are
>> almost assuredly going to be turned into spambots and are a threat to
>> the health of the Web and every other user of the Web.
>>
>> - A
>
> Any update forced upon me when I have set my preferences to prohibit
> such updates will result in a criminal complaint under U.S. law. There
> are federal laws against unwelcome tampering with someone else's computer.

Chill out. We're not talking about sending an update when a user has opted out of updates entirely or asked to be notified first. We are talking about users that already have automatic updates turned on. Nowhere in the UI does it say what the content of those updates is or that the updates can't jump across versions.

> You can let me know about updates and offer them to me.

There's an explicit preference in the options to notify or install automatically. If it is checked to do so automatically we can send an update. Again, we are not talking about overriding that preference.

> But the law
> requires that you allow me the option to decide whether or not to accept
> such updates.

Please cite this law as I am unfamiliar with it and would like to read up.

Thanks,
Christian

Asa Dotzler

Apr 22, 2011, 2:58:15 PM
On 4/22/2011 11:27 AM, David E. Ross wrote:
> On 4/20/11 12:47 PM, Asa Dotzler wrote:
>> I think we should package up a 4.0.1 release as a mandatory security
>> update for Firefox 2.0.x and Firefox 3.0.x users. Nobody should be using
>> 2.0.x or 3.0.x. They are horribly insecure, completely unsupported, are
>> almost assuredly going to be turned into spambots and are a threat to
>> the health of the Web and every other user of the Web.
>>
>> - A
>
> Any update forced upon me when I have set my preferences to prohibit
> such updates will result in a criminal complaint under U.S. law. There
> are federal laws against unwelcome tampering with someone else's computer.
>
> You can let me know about updates and offer them to me. But the law
> requires that you allow me the option to decide whether or not to accept
> such updates.
>

Now you're just being silly (that or you're mounting a serious effort to
ensure that no one takes you seriously here.)

If you have automatic updates turned on, and Mozilla delivers an
automatic update through that channel, Mozilla is doing nothing wrong
and certainly nothing criminal.

If you're going to get hysterical and spew credibility-destroying
nonsense like that, please take it somewhere else besides our planning
group.

-A

Boris Zbarsky

Apr 22, 2011, 3:13:08 PM
to Christian Legnitto, dev-pl...@lists.mozilla.org
On 4/22/11 2:51 PM, Christian Legnitto wrote:
> We did something similar for 3.0 already:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=624620 - "Scary" google homepage snippets
> https://bugzilla.mozilla.org/show_bug.cgi?id=609085 - "Scary" update offer
>
> We start with the carrot ("upgrade to this new release, it's awesome!"), end with the stick ("you are insecure, update now!").

I think that the "please just install another browser if you don't want
to update this one" wording is an escalation on our existing stick that
may be worth pursuing.

It may also be worth pursuing _much_ scarier versions of the language
here (e.g. "This version of Firefox is no longer safe to use for online
banking" or "Using this version of Firefox allows websites to see
everything you type on this computer if they want to" or whatnot; yes I
think these are accurate descriptions of Firefox 3 at this point). The
text in bug 609085 is pretty tame and euphemistic; I can definitely see
users not thinking the problem is such a big deal.

> If we're going to do it again, why would we tell them to look elsewhere? We have to do all that work to do the prompt, we'd just offer them a newer version of Firefox.

We should do the latter too, sure. But I think we should make it clear
that staying on their current browser version is a _really_ bad idea.

> Again, there is cost to doing this for any release < 3.5 as QA's update testing isn't automated for those versions. We WILL loop back around on this for < 3.5 but we're more focused on how to handle 3.5's impending EOL currently.

That's fine; I'm just saying we should do something here, not that doing
it is more important than the other things we also need to do. ;)

-Boris

David E. Ross

Apr 22, 2011, 3:53:13 PM

You indicated forcing updates on users. You mentioned "mandatory
security update". What am I to think about your use of the word
"mandatory"?

David E. Ross

Apr 22, 2011, 3:58:32 PM

The law against unauthorized third-party tampering with a computer is
cited (without indicating a title or section number) in various news
articles about federal prosecution of hackers. The next time I see such
a news article, I will attempt to get the specifics.

Boris Zbarsky

Apr 22, 2011, 4:12:55 PM
On 4/22/11 3:53 PM, David E. Ross wrote:
> You indicated forcing updates on users. You mentioned "mandatory
> security update". What am I to think about your use of the word
> "mandatory"?

It contrasts with the "we ask you if you want to update" prompted update.

Note that historically an update from 3.0 to 4.0 or the like is prompted
even if your preferences say "Automatically download and install the
update" (the default setting), because we only did the automatic thing
for minor updates.

Asa is suggesting we treat the update from 3.0 to 4.0 the same way we
would treat an update from 3.0.95 to 3.0.96. That's still controlled by
your preferences, of course.

-Boris

Cameron Kaiser

Apr 22, 2011, 7:00:34 PM
> > While speaking of TenFourFox, is there any particular reason why we
> > couldn't have them contribute like the OS/2 and solaris people,
> > including providing binaries in the contrib directories on our ftp
> > archive?
>
> I know in the past, there were concerns about OS/2 builds that had
> out-of-tree patches; that's why there were the official builds, and then
> > there were separate enhanced builds:
> > http://pmw-warpzilla.sourceforge.net/
> > http://pmw-warpzilla.sourceforge.net/no_PmW-Fx3.html
>
> I know that branding was at least one of the concerns (hence Peter had
> PmW-Fx and PmW-Tb).  If that's the only real concern, could TenFourFox
> builds be in the contrib directory, even if they aren't called "Firefox"?

I noticed this thread just today, so sorry about the late reply.
TenFourFox as the name implies also supports Tiger, primarily for G3
users and people who still use Classic. There was talk earlier (I
think it was Philip Chee) about putting these patches into the tree,
but with 10.4 support gone, it was voted down at the time and I don't
think that has changed. So it will always remain a modified build. El
Furbe, Xabaris and a couple others still build "true" PowerPC 10.5
Firefoxes and these would be more appropriate for contrib as they are
otherwise unmodified. That said, I certainly wouldn't mind being the
"legacy support arm" for Power Macs.

The POWER-general features I'm piecemealing out as separate bugs,
including 624164, and these I hope to get into the tree for the
benefit of other POWER ISA builders. TenFourFox also has various VMX
accelerations which are coming out as part of 4.0.1. Feel free to talk
to me about this off group if you are interested.

Cameron Kaiser

Robert O'Callahan

Apr 22, 2011, 7:09:17 PM
to Cameron Kaiser, dev-pl...@lists.mozilla.org
Hmm, why don't we take the TenFourFox patches into mozilla-central, given
it's actively maintained? Seems to make at least as much sense as having
OS/2 support in mozilla-central!

Rob
--
"Now the Bereans were of more noble character than the Thessalonians, for
they received the message with great eagerness and examined the Scriptures
every day to see if what Paul said was true." [Acts 17:11]

Ron Hunter

Apr 22, 2011, 7:58:39 PM
to

Asa is suggesting pushing out a 'security update' for V2 and V3 users
that actually is an update to V4,5,6, etc. Yes, it IS a security
update, but so much more. I suspect that it would not be taken well by
the kind of user who hasn't updated Firefox since V2, since they
probably would not load that one either.

Robert Strong

Apr 22, 2011, 8:33:47 PM
to dev-pl...@lists.mozilla.org
That is fully understood. I am also certain there will be people that
don't want it. I am also certain there are people that do want it. For
example, we surveyed people via the update billboard awhile back and
many declined it because they thought they would have to pay for the
upgrade. The people that don't want it have the option of disabling
automatic updates and I bet some of the users that fall into that
category have done so.

Robert

Joe Drew

Apr 22, 2011, 9:13:56 PM
to rob...@ocallahan.org, dev-pl...@lists.mozilla.org, Cameron Kaiser
On 2011-04-22 7:09 PM, Robert O'Callahan wrote:
> Hmm, why don't we take the TenFourFox patches into mozilla-central, given
> it's actively maintained? Seems to make at least as much sense as having
> OS/2 support in mozilla-central!

Depends how intrusive they are. OS/2 has its own widget implementation
and is otherwise pretty low-touch from the point of view of someone
uninterested in the port.

As a separate file or entirely separate widget implementation, I say go
ahead!

Joe

Cameron Kaiser

Apr 22, 2011, 9:55:33 PM
to
> > Hmm, why don't we take the TenFourFox patches into mozilla-central, given
> > it's actively maintained? Seems to make at least as much sense as having
> > OS/2 support in mozilla-central!
>
> Depends how intrusive they are. OS/2 has its own widget implementation
> and is otherwise pretty low-touch from the point of view of someone
> uninterested in the port.
>
> As a separate file or entirely separate widget implementation, I say go
> ahead!

Right now 10.4Fx touches gfx/, layout/ (for plugin reasons), js/src/
nanojit/ and widget/. The plugin changes are a sop to users who begged
to keep Flash one more cycle, but Flash and other plugins are to be
doomed in "TenFourFox 5." Spinning off the Cocoa widget library as a
separate one for 10.4Fx should similarly be simple, but the gfx/
changes might not be acceptable because essentially they force
everything through Harfbuzz, even fonts that currently need AAT,
because the secret CoreText in Tiger can't do glyph positioning
completely enough. I'm willing to invest time in this, but the scope
is greater than widget code, so I'd want a reasonable guarantee of
acceptability before I embarked on it. This is sort of orthogonal to
this thread anyway (there's bug 621175 that someone filed about it),
unless it were to serve as the official release valve for unsupported
Power Macs.

Cameron Kaiser

Robert O'Callahan

Apr 23, 2011, 2:36:50 AM
to Cameron Kaiser, dev-pl...@lists.mozilla.org
On Sat, Apr 23, 2011 at 1:55 PM, Cameron Kaiser <cka...@floodgap.com> wrote:

> Right now 10.4Fx touches gfx/, layout/ (for plugin reasons), js/src/
> nanojit/ and widget/. The plugin changes are a sop to users who begged
> to keep Flash one more cycle, but Flash and other plugins are to be
> doomed in "TenFourFox 5." Spinning off the Cocoa widget library as a
> separate one for 10.4Fx should similarly be simple, but the gfx/
> changes might not be acceptable because essentially they force
> everything through Harfbuzz, even fonts that currently need AAT,
> because the secret CoreText in Tiger can't do glyph positioning
> completely enough. I'm willing to invest time in this, but the scope
> is greater than widget code, so I'd want a reasonable guarantee of
> acceptability before I embarked on it. This is sort of orthogonal to
> this thread anyway (there's bug 621175 that someone filed about it),
> unless it were to serve as the official release valve for unsupported
> Power Macs.
>

Yeah I suspect we don't want to do that.

No point in making work for you, either. The question is, is there anything
easy we can do to make your life easier?

Cameron Kaiser

Apr 24, 2011, 9:02:56 PM
to
> Yeah I suspect we don't want to do that.
>
> No point in making work for you, either. The question is, is there anything
> easy we can do to make your life easier?

The most important thing I really need is to be able to see security-
locked bugs in Bugzilla. While I can derive the flaw by reading the hg
commit, it's not exactly ideal, and if the fix for PPC is different it
helps to understand the actual bug the commit is correcting. Plus, if
we're working off an old branch (a distinct future possibility) then
I'll really need to understand the flaw to write an appropriate patch.
However, I don't know if there is a policy or process that I have to
go through first. If anyone can let me know whom to ask, I would
appreciate it. I sent a message to dveditz about it some time ago, but
I never heard anything further.

Short of that, just give me lots of warning before 10.5 support hits
the fan :) and I promise to stop hijacking this thread.

Cameron Kaiser

Robert O'Callahan

Apr 24, 2011, 11:24:27 PM
to Cameron Kaiser, dev-pl...@lists.mozilla.org
On Mon, Apr 25, 2011 at 1:02 PM, Cameron Kaiser <cka...@floodgap.com> wrote:

> The most important thing I really need is to be able to see security-
> locked bugs in Bugzilla. While I can derive the flaw by reading the hg
> commit, it's not exactly ideal, and if the fix for PPC is different it
> helps to understand the actual bug the commit is correcting. Plus, if
> we're working off an old branch (a distinct future possibility) then
> I'll really need to understand the flaw to write an appropriate patch.
> However, I don't know if there is a policy or process that I have to
> go through first. If anyone can let me know whom to ask, I would
> appreciate it. I sent a message to dveditz about it some time ago, but
> I never heard anything further.
>

Aha! You want to join security-group. Let's try that.

Georg Maaß

Apr 25, 2011, 12:15:18 PM
to
Henri Sivonen wrote:
> I think you haven't really substantiated the danger here. If a person is
> running PPC Leopard with the latest point release of Firefox 3.6 or
> TenFourFox with FlashBlock enabled (and random old plug-ins disabled),
> is there any evidence of her being a danger to herself or to others?

Leopard does not provide the classic engine any longer, so persons who
require the classic engine to run historical software end in Tiger
without any security support.

This is very poor from Apple, providing no more security support for few
years old platforms. But it is also poor from any other vendor
(including mozilla.org) not to support newest security fixes for at
least 10 years old platforms. Private computers' lifetime is usually
more than 10 years. Apple's platform EOL is about half the time of Apple
care for hardware, which is a very bad joke.

Henri Sivonen

Apr 26, 2011, 5:00:55 AM
to dev-pl...@lists.mozilla.org
On Fri, 2011-04-22 at 15:13 -0400, Boris Zbarsky wrote:
> On 4/22/11 2:51 PM, Christian Legnitto wrote:
> > We did something similar for 3.0 already:
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=624620 - "Scary" google homepage snippets
> > https://bugzilla.mozilla.org/show_bug.cgi?id=609085 - "Scary" update offer
> >
> > We start with the carrot ("upgrade to this new release, it's awesome!"), end with the stick ("you are insecure, update now!").
>
> I think that the "please just install another browser if you don't want
> to update this one" wording is an escalation on our existing stick that
> may be worth pursuing.
>
> It may also be worth pursuing _much_ scarier versions of the language
> here

I agree with Boris on both counts.

I think the "scary" text isn't at all as scary as it needs to be to
actually scare people. (My assessment has been calibrated by trying to
communicate the seriousness of Flash Player vulnerabilities to family.)

Telling people that Mozilla is so worried about their safety that it
would rather have them use a competing product if they refuse to take
Mozilla's latest would probably be more effective at driving home the
point that this is serious than any particular scary language.

On Thu, 2011-04-21 at 13:03 -0700, Asa Dotzler wrote:
> On 4/21/2011 1:22 AM, Henri Sivonen wrote:
>
> >> She really shouldn't be connecting to
> >> the internet at all. She's a danger to herself and to others.
> >
> > I think you haven't really substantiated the danger here. If a person is
> > running PPC Leopard with the latest point release of Firefox 3.6
>
> First, I don't care much about the maybe hundreds of people on PPC
> Leopard Firefox. I just used that post as a jumping off point to talk
> about more substantial volumes of users.

OK.

> I propose, therefore, that we take this opportunity to stop supporting
> all older versions and mandate upgrades to newer versions. I further
> propose that for those users on versions that become unsupported, and
> who will not, for whatever reason, move forward to a supported Firefox
> version, that we do help users get back to IE 6/7/8/9/whatever by
> whatever means we have available, including (we'd have to add the
> feature) disabling Firefox completely.

People would (rightly) get *very* angry if you flip a remote kill switch
on software that you've shipped to them. I think disabling old versions
shouldn't be done.

I also think it's not appropriate to update old versions to 4.0 more
silently than how major updates have been done in the past, because that
wasn't part of the deal when the users agreed to install Firefox in the
first place. (I do think that starting with Firefox 5 we should make all
updates automatic and silent but make sure that the deal is disclosed to
users at the time of installing software.)

BTW, is there a plan to make the updater in Firefox 5 run with
administrator privileges in the background so that the user doesn't need
to deal with authorization prompts once an admin user has installed the
app in the first place? Currently, it's a problem that there are Firefox
installation instances that are in active use but that don't get updates
because the user doesn't have administrator privileges on his/her laptop
while the people who do have the privileges aren't really taking care of
updating laptops that aren't permanently on a corporate network.

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

Jean-Marc Desperrier

Apr 26, 2011, 6:18:29 AM
to
Steve Wendt wrote:
> somebody has a pet bug that first showed up in Firefox 3.6.x, which
> makes it unusable in their situation. They even reported the bug, but
> fixing it has been prioritized down to "someday we will look into that
> again."

I think it would help if that class of bug had a significantly higher
priority.

I remember the Firefox 3.0 "losing cookies" bug, that took a quite long
time to be acknowledged. Next it took a while to study (finding the root
cause wasn't easy at all) and fix it, but the trouble is the significant
period during which it wasn't investigated at all despite being reported
by a good number of users.

IMO any hindrance on updating is a major problem with the new fast
update scheme, so spending more time after each release to identify such
patterns, and act to solve the problem asap will be really important.

Asa Dotzler

Apr 26, 2011, 11:25:22 AM
to
On 4/26/2011 2:00 AM, Henri Sivonen wrote:
> People would (rightly) get *very* angry if you flip a remote kill switch
> on software that you've shipped to them. I think disabling old versions
> shouldn't be done.

OK. Then I revise my proposal. We don't add a kill switch. We just hit
them with the scary banner 10 times a day until they move back to IE6.

- A

Robert Kaiser

Apr 26, 2011, 11:39:53 AM
to
Henri Sivonen schrieb:

> I also think it's not appropriate to update old versions to 4.0 more
> silently than how major updates have been done in the past, because that
> wasn't part of the deal when the users agreed to install Firefox in the
> first place.

I can't remember that there was a deal there at all. But then, before
4.0 I was not part of the Firefox effort. I don't remember any deal I
heard of though, and we never had one on SeaMonkey, which I was working
on back then.

Robert Kaiser

Steve Wendt

Apr 26, 2011, 1:23:52 PM
to
On 4/26/2011 2:00 AM, Henri Sivonen wrote:

> BTW, is there a plan to make the updater in Firefox 5 run with
> administrator privileges in the background so that the user doesn't need
> to deal with authorization prompts once an admin user has installed the
> app in the first place? Currently, it's a problem that there are Firefox
> installation instances that are in active use but that don't get updates
> because the user doesn't have administrator privileges on his/her laptop
> while the people who do have the privileges aren't really taking care of
> updating laptops that aren't permanently on a corporate network.

+1 - this is a very real problem.

Ron Hunter

Apr 26, 2011, 1:32:44 PM
to
Asa,
WHY would you advocate ANYONE moving to what MS considers to be the
least secure version of their software? I doubt any version of FF is
worse for security than IE6.

Boris Zbarsky

Apr 26, 2011, 1:41:01 PM
to
On 4/26/11 1:32 PM, Ron Hunter wrote:
> WHY would you advocate ANYONE moving to what MS considers to be the
> least secure version of their software? I doubt any version of FF is
> worse for security than IE6.

Firefox 2.0 and 3.0 are worse than IE6 at this point, because the latter
is actually getting security patches while the former are NOT (and there
have been security vulnerabilities publicly disclosed that are present
in those Firefox versions). That's Asa's whole point!

-Boris

Robert Strong

Apr 26, 2011, 5:29:15 PM
to dev-pl...@lists.mozilla.org
On 4/26/2011 2:00 AM, Henri Sivonen wrote:
> On Fri, 2011-04-22 at 15:13 -0400, Boris Zbarsky wrote:
>> On 4/22/11 2:51 PM, Christian Legnitto wrote:
>>> We did something similar for 3.0 already:
>>>
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=624620 - "Scary" google homepage snippets
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=609085 - "Scary" update offer
>>>
>>> We start with the carrot ("upgrade to this new release, it's awesome!"), end with the stick ("you are insecure, update now!").
>> I think that the "please just install another browser if you don't want
>> to update this one" wording is an escalation on our existing stick that
>> may be worth pursuing.
>>
>> It may also be worth pursuing _much_ scarier versions of the language
>> here
> I agree with Boris on both counts.
>
> I think the "scary" text isn't at all as scary as it needs to be to
> actually scare people. (My assessment has been calibrated by trying to
> communicate the seriousness of Flash Player vulnerabilities to family.)
>
> Telling people that Mozilla is so worried about their safety that it
> would rather have them use a competing product if they refuse to take
> Mozilla's latest would probably be more effective at driving home the
> point that this is serious than any particular scary language.
Agreed

>
> On Thu, 2011-04-21 at 13:03 -0700, Asa Dotzler wrote:
>> On 4/21/2011 1:22 AM, Henri Sivonen wrote:
>>
>>>> She really shouldn't be connecting to
>>>> the internet at all. She's a danger to herself and to others.
>>> I think you haven't really substantiated the danger here. If a person is
>>> running PPC Leopard with the latest point release of Firefox 3.6
>> First, I don't care much about the maybe hundreds of people on PPC
>> Leopard Firefox. I just used that post as a jumping off point to talk
>> about more substantial volumes of users.
> OK.
>
>> I propose, therefore, that we take this opportunity to stop supporting
>> all older versions and mandate upgrades to newer versions. I further
>> propose that for those users on versions that become unsupported, and
>> who will not, for whatever reason, move forward to a supported Firefox
>> version, that we do help users get back to IE 6/7/8/9/whatever by
>> whatever means we have available, including (we'd have to add the
>> feature) disabling Firefox completely.

> People would (rightly) get *very* angry if you flip a remote kill switch
> on software that you've shipped to them. I think disabling old versions
> shouldn't be done.

Agreed

> I also think it's not appropriate to update old versions to 4.0 more
> silently than how major updates have been done in the past, because that
> wasn't part of the deal when the users agreed to install Firefox in the
> first place. (I do think that starting with Firefox 5 we should make all
> updates automatic and silent but make sure that the deal is disclosed to
> users at the time of installing software.)

There is no deal beyond what the UI preferences state, and as long as we honor
them I don't think that we are breaking any "deals". As a matter of
fact, I have received complaints and bug reports because the Firefox
preferences state that the update will be downloaded automatically when
it is available (contingent on the extension compatibility preference)
and we always prompt for updates that are tagged as major.

> BTW, is there a plan to make the updater in Firefox 5 run with
> administrator privileges in the background so that the user doesn't need
> to deal with authorization prompts once an admin user has installed the
> app in the first place? Currently, it's a problem that there are Firefox
> installation instances that are in active use but that don't get updates
> because the user doesn't have administrator privileges on his/her laptop
> while the people who do have the privileges aren't really taking care of
> updating laptops that aren't permanently on a corporate network.

Not for Firefox 5. I started working on this a while back but other work
has taken priority repeatedly. For Firefox 5 it was deemed safer to
implement channel switching especially with the shortened development
cycle (3, 5, and 6 weeks vs. the planned 6, 6, and 6 weeks) for example.

I believe that the typical installation scenario is a user installs
whether they are admin or not (we support non-admin installs... library
workstations for example where the user might only have write access to
their profile directory). There are also corporate environments that
really don't take care of updating laptops, desktops, etc... and many
more scenarios!

In summary, silent updates are being worked on and all of the different
scenarios are being considered.

Robert

Robert Strong

Apr 26, 2011, 5:33:02 PM
to dev-pl...@lists.mozilla.org
Regarding silent updates, I forgot to mention that the current work will
only provide silent updates on Windows.

Robert Strong

Apr 26, 2011, 5:50:24 PM
to dev-pl...@lists.mozilla.org
Please be factual so everyone reading this isn't misinformed and people
don't reply in response to mythical functionality... there is no way for
us to "hit them with the scary banner 10 times a day until they move
back to IE6".

Thanks,
Robert

Asa Dotzler

Apr 26, 2011, 7:31:48 PM
to

This is missing some context. I said earlier in the thread:

> I propose, therefore, that we take this opportunity to stop supporting all older versions and mandate upgrades to newer versions. I further propose that for those users on versions that become unsupported, and who will not, for whatever reason, move forward to a supported Firefox version, that we do help users get back to IE 6/7/8/9/whatever by whatever means we have available, including (we'd have to add the feature) disabling Firefox completely.

This is in the context of "including (we'd have to add the feature)
disabling Firefox completely"

The feature I suggested was a kill switch and that's what Henri was
responding to. My reply, which was obviously not as complete as it could
have been, was meant to say "if we don't add a kill switch feature then
we add a feature that annoys users with repeated banners driving
them away."

So, all of that was hypothetical and none of it suggesting we have the
ability to do so today. But anything can be added :-)

- A

Steve Fink

Apr 26, 2011, 7:36:14 PM
to dev-pl...@lists.mozilla.org
I'd really like this thread to DIE DIE DIE DIE DIE, so I apologize for
extending it. I'll change the subject line, at least. But...

I've seen many mentions of the term "major update". What does that mean?
In the past, it was associated with supposedly-meaningful version number
bumps (3.5.x -> 3.6 is major, 3.6.2 -> 3.6.3 is minor). That implies
that "major" is determined by what *we* feel is a major change in
functionality or... something. Significant intentional breakage in
backwards compatibility, perhaps. We've used it to decide whether to
automatically update or require explicit confirmation.

That hasn't necessarily corresponded to what our users felt like "major"
updates were, and going forward, we obviously can't tie it to version
numbers anymore. They're fading into the background.

But that gives us the opportunity to more closely connect our notion of
"major" to our users' notions of "major". And I would suggest that to a
user, major is almost entirely determined by either (1) whether my
extensions stop working (for those who use extensions), or (2)
significant UI changes (for those who are mostly on the stock browser.)
We'd like it to include (3) whether security updates are still being
issued, but users don't think that way.

What I'm saying is that to a first approximation, an extension-using
user will get pissed off on an automatic upgrade iff extensions break.
And a non-extension-using user will get pissed off iff some UI change
irritates them (many times, even if it's fairly easy to restore the
previous behavior, though maybe we can avoid that if we do a really
really good job of informing the user.)

The "breaks extensions" thing is very much where our notion of major
mismatches our users'. When our major updates break all of a user's
extensions, which is not uncommon, then we agree that the update is
major. If we silently update at this time, we get angry users. But when
an individual user's extensions have upgrades available for the new
version, then suddenly the Firefox version switch is pretty minor from
the user's point of view, even when it's a huge deal to us.

As a side note, my sister is in the non-extension-user category. I
upgraded her to Fx4. The next day, she emailed me demanding that I give
her back her old browser. It turned out to be two things: fuzzy text and
tabs-on-top. I disabled HW acceleration and put the tabs back down, and
she's happy. (IMHO, automatically switching people who use a bookmark
toolbar to tabs on top was a bad idea. Maybe if the bookmark toolbar
were repositionable... but I digress.) My point is that for these users,
there's a similar major/minor distinction that has little to do with
code revisions.

I'm not proposing anything concrete, but I think it's worth considering
that the question of whether to upgrade a user shouldn't just be based
on how much we feel like Firefox has changed. If I were to make a
proposal, it would be something like:

- when we stop providing security updates to your version, you get
obnoxious update notifications
- updates that we do not know break your extensions or modify your UI
get applied automatically (unless disabled)
- updates that we know break your extensions or modify your UI
substantially are prompted
- any UI change that is revertible is accompanied by a pre-update
clickthrough page that clearly describes the change and how to revert it
(and why not to)
- any other UI change gets the same clickthrough page but with just a
notification and an input.moz link to whine about it
- the clickthrough page allows canceling the update
- after updates have been blocked long enough by incompatible
extensions, we... do something reasonable.

That means that a once-major update can be demoted to a minor update,
and update timing is at least partly dependent on the extensions in a
user's active profile. I haven't actually thought any of that through,
but it'll serve as a strawman.

Robert Kaiser

Apr 27, 2011, 11:02:49 AM
to
Steve Fink schrieb:

> I've seen many mentions of the term "major update". What does that mean?

It means a race that is rapidly dying out. The updates to FF4 (or 4.0.1
for that matter) will be the last major updates we'll probably deliver.
Though, of course, we could still offer FF5 and higher to people on
pre-FF4 versions as major updates - but from FF4 onward, all will be
"minor" updates. :)

Georg Maaß

Apr 30, 2011, 1:28:25 PM
to
Philip Chee wrote:
>> Sounds great. My sister has a G4 and is waiting for an update to her Firefox 2.
>
> Why wait?
>
> <http://www.floodgap.com/software/tenfourfox/>
>
> Versions available for G3, G4, and G5 processors.

Sounds good. Why isn't this under the roof of mozilla?

Ron Hunter

Apr 30, 2011, 1:54:43 PM
to

Because modifications are necessary to the program in order to make it
run on the currently unsupported hardware.

Georg Maaß

Apr 30, 2011, 2:16:34 PM
to

"Support" is doing modifications. So this is no argument but just a
sentence.


Asa Dotzler

Apr 30, 2011, 2:40:44 PM
to

This version does not meet Mozilla's requirements for being called
Firefox 4. It does not have the same capabilities as Firefox 4.

- A

Ron Hunter

Apr 30, 2011, 5:44:30 PM
to
Mozilla has limited resources, and they felt those resources wouldn't
stretch to cover systems that not even Apple supports any more. They
don't support OS9 either, and I suspect OS/2 support to die some time
soon, if it hasn't already.

beltzner

Apr 30, 2011, 6:05:57 PM
to Ron Hunter, dev-pl...@lists.mozilla.org
This is all very confusing because of terminology. Mozilla has different
tiers of support, from the highest (which means integration tests are run on
the platform, and we won't ship without a working version on that platform)
to the lowest (which means no effort will be made to support it, not even
hosting the binaries that someone else makes).

As I understand it, the idea here is to host the PPC binaries, which seems
like a good idea and the right level of support for the Mozilla project to
offer the group interested in maintaining those packages.

cheers,
mike

Henri Sivonen

May 2, 2011, 6:37:54 AM
to dev-pl...@lists.mozilla.org
On Sat, 2011-04-30 at 11:40 -0700, Asa Dotzler wrote:
>
> This version does not meet Mozilla's requirements for being called
> Firefox 4. It does not have the same capabilities as Firefox 4.

Are the requirements documented somewhere?

What requirements would TenFourFox fail that Firefox 4 on Solaris on
Sparc wouldn't also fail?

The previous reason for not branding PPC builds "Firefox 4" has been the
lack of a JS JIT, but doesn't TenFourFox now have more JIT functionality
than the Solaris builds on Sparc that, as I understand things, do have
Firefox branding. (I don't have a Sparc computer at hand, so I didn't
actually test a Sparc build to see what icons it has.)

I'm not suggesting that the Solaris Sparc build should be deprived of
the Firefox name. However, I do think that in the case of minority
legacy platforms having Firefox available would be more brand-positive
than not having all the JIT performance would be brand-negative
(especially when there aren't other JS JITs available for the platform).

Mike Hommey

May 2, 2011, 6:45:16 AM
to Henri Sivonen, dev-pl...@lists.mozilla.org
On Mon, May 02, 2011 at 01:37:54PM +0300, Henri Sivonen wrote:
> On Sat, 2011-04-30 at 11:40 -0700, Asa Dotzler wrote:
> >
> > This version does not meet Mozilla's requirements for being called
> > Firefox 4. It does not have the same capabilities as Firefox 4.
>
> Are the requirements documented somewhere?
>
> What requirements would TenFourFox fail that Firefox 4 on Solaris on
> Sparc wouldn't also fail?
>
> The previous reason for not branding PPC builds "Firefox 4" has been the
> lack of a JS JIT, but doesn't TenFourFox now have more JIT functionality
> than the Solaris builds on Sparc that, as I understand things, do have
> Firefox branding. (I don't have a Sparc computer at hand, so I didn't
> actually test a Sparc build to see what icons it has.)
>
> I'm not suggesting that the Solaris Sparc build should be deprived of
> the Firefox name. However, I do think that in the case of minority
> legacy platforms having Firefox available would be more brand-positive
> than not having all the JIT performance would be brand-negative
> (especially when there aren't other JS JITs available for the platform).

(let alone other modern browsers)

Mike

Dao

May 2, 2011, 6:58:17 AM
to
On 02.05.2011 12:37, Henri Sivonen wrote:
> The previous reason for not branding PPC builds "Firefox 4" has been the
> lack of a JS JIT,

Umm, didn't Firefox 3.6 as shipped by various Linux distros lack JIT?

Mike Hommey

May 2, 2011, 7:25:03 AM
to Dao, dev-pl...@lists.mozilla.org

Actually, isn't Firefox 3.6 as shipped by Mozilla for Linux64 lacking
JIT?

Mike

Boris Zbarsky

May 2, 2011, 7:36:35 AM
to

Mozilla didn't ship any official Firefox 3.6 for Linux64 builds. There
are no Linux64 builds anywhere under
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-3.6/
for example.

And yes, the fact that the Linux64 builds were allowed to be branded as
"Firefox" was a serious mistake, in my opinion.

-Boris

Henri Sivonen

May 2, 2011, 7:58:28 AM
to dev-pl...@lists.mozilla.org
On Mon, 2011-05-02 at 07:36 -0400, Boris Zbarsky wrote:
> On 5/2/11 7:25 AM, Mike Hommey wrote:
> > On Mon, May 02, 2011 at 12:58:17PM +0200, Dao wrote:
> >> On 02.05.2011 12:37, Henri Sivonen wrote:
> >>> The previous reason for not branding PPC builds "Firefox 4" has been the
> >>> lack of a JS JIT,
> >>
> >> Umm, didn't Firefox 3.6 as shipped by various Linux distros lack JIT?

Yes, but Asa said "Firefox 4" and the previous JIT reason in the Mac PPC
context was specifically about speed being part of what Firefox *4* was
positioned to have.

> > Actually, isn't Firefox 3.6 as shipped by Mozilla for Linux64 lacking
> > JIT?
>
> Mozilla didn't ship any official Firefox 3.6 for Linux64 builds. There
> are no Linux64 builds anywhere under
> http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-3.6/
> for example.
>
> And yes, the fact that the Linux64 builds were allowed to be branded as
> "Firefox" was a serious mistake, in my opinion.

I agree.

However, Linux x86_64 isn't a legacy platform and within the Linux
universe isn't even perceived as a minority platform. I think "Firefox"
without a JIT on x86, x86_64 or ARM would be bad as long as those CPU
architectures aren't perceived as legacy and have other JIT-enabled
browsers available (where JITting x86 browsers count as "available" on
x86_64).

Asa Dotzler

May 2, 2011, 1:29:52 PM
to
On 5/2/2011 3:37 AM, Henri Sivonen wrote:
> On Sat, 2011-04-30 at 11:40 -0700, Asa Dotzler wrote:
>>
>> This version does not meet Mozilla's requirements for being called
>> Firefox 4. It does not have the same capabilities as Firefox 4.
>
> Are the requirements documented somewhere?
>
> What requirements would TenFourFox fail that Firefox 4 on Solaris on
> Sparc wouldn't also fail?
>
> The previous reason for not branding PPC builds "Firefox 4" has been the
> lack of a JS JIT, but doesn't TenFourFox now have more JIT functionality
> than the Solaris builds on Sparc that, as I understand things, do have
> Firefox branding. (I don't have a Sparc computer at hand, so I didn't
> actually test a Sparc build to see what icons it has.)
>
> I'm not suggesting that the Solaris Sparc build should be deprived of
> the Firefox name.

I would suggest that it be deprived of the Firefox name. If it doesn't
perform like Firefox, I don't think it should be called Firefox --
unless it's been specially exempted (as I imagine an "experimental but
official win64" build might be).

- A

Mike Hommey

May 2, 2011, 1:43:35 PM5/2/11
to Asa Dotzler, dev-pl...@lists.mozilla.org

Do you really think a slowish Firefox on sparc hurts the brand more than
no Firefox at all on a platform that probably has no other browser
supporting HTML5 and other modern web standards? I, for one, think it
doesn't hurt the brand at all.

Mike

Steve Wendt

May 2, 2011, 1:57:19 PM5/2/11
to
On 4/30/2011 2:44 PM, Ron Hunter wrote:

> I suspect OS/2 support to die some time soon, if it hasn't already.

Why is that? The OS/2 builds remain current, up to and including Gecko
2.0.x at least.

Asa Dotzler

May 2, 2011, 2:30:08 PM5/2/11
to


I don't think it matters one way or the other for platforms that never
get any media coverage. For those that do, like TenFourFox, I think it
matters a great deal.

I also think it's odd to say "it's OK for Sparc but not OK for PPC" and
so I'd rather we just say no for all. The alternatives are that we say
yes for all, which I think is a horrible idea, or that we spend time
hashing it out for every platform -- something that seems horribly
wasteful when there are much more important problems to be dealing with.

- A

Mike Hommey

May 2, 2011, 2:40:39 PM5/2/11
to Asa Dotzler, dev-pl...@lists.mozilla.org

So, I take it that if bug 555935 ever gets somewhere, I'd have to
generate Firefox packages for some architectures, and non-Firefox
packages for some others. Awesome.

Mike

Philip Chee

May 2, 2011, 2:42:56 PM5/2/11
to

I saw some recent checkins that suggest that Oracle is working on
getting JIT up on SPARC architectures.

Phil

--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
