lifecycle policy

2819 views
Skip to first unread message

philou

unread,
May 17, 2011, 8:54:47 AM5/17/11
to
Hi,

I'm currently using version 3.6. I want to stay on 3.6 as long as
possible but I'm not sure how much longer Mozilla will support it. Is
there a lifecycle policy in place for versions. Are there any know End
of Life/Support dates?

best regards,
Philippe

Henri Sivonen

unread,
May 17, 2011, 9:08:52 AM5/17/11
to dev-pl...@lists.mozilla.org
> I'm currently using version 3.6. I want to stay on 3.6 as long as
> possible

Why do you want to stay on 3.6 instead of upgrading to the latest version?

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

beltzner

unread,
May 17, 2011, 9:46:47 AM5/17/11
to Henri Sivonen, dev-pl...@lists.mozilla.org
What Henri meant to say is that there is no policy. Mozilla attempts to keep
old versions updated until users have had an opportunity to.upgrade, but
does not guarantee that older versions will be supported once a new version
is available.

(In the past, though, Mozilla has kept older versions up to date for much
longer than this)

cheers,
mike


On 17/05/2011 9:09 AM, "Henri Sivonen" <hsiv...@iki.fi> wrote:
>> I'm currently using version 3.6. I want to stay on 3.6 as long as
>> possible
>

> Why do you want to stay on 3.6 instead of upgrading to the latest version?
>
> --
> Henri Sivonen
> hsiv...@iki.fi
> http://hsivonen.iki.fi/

> _______________________________________________
> dev-planning mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-planning

philou

unread,
May 17, 2011, 10:35:58 AM5/17/11
to
Hi,

thanks for your reply.
In fact, I make spécific dev under 3.6 which don't work on 4.0. I
would like to know how long I have to change all.

Do you think Mozilla with keep version under LTS (long term support)
like Ubuntu for example, since they will launch a new version every 6
month or less (?)

Best regards,
Philippe

Mike Connor

unread,
May 17, 2011, 10:41:07 AM5/17/11
to philou, dev-pl...@lists.mozilla.org
From previous statements, there is no plan at this time to do an LTS-like distribution.

-- Mike

Nicholas Nethercote

unread,
May 17, 2011, 8:33:55 PM5/17/11
to philou, dev-pl...@lists.mozilla.org
On Wed, May 18, 2011 at 12:35 AM, philou <rayn...@gmail.com> wrote:
>
> In fact, I make spécific dev under 3.6 which don't work on 4.0. I
> would like to know how long I have to change all.

Everyone's being very cautious in this thread to make no promises at
all. But I suspect, based on historical data, that it is likely
(though not guaranteed) that 3.6 will be supported for several months
at least. In particular, we're only just about to stop supporting
3.5, and I haven't heard anything yet about dropping 3.6 support.

Am I completeness off-base here?

philou, with respect to the 3.6-specific development you have done, if
you describe what you've done I'm sure someone could help you
transition your code to 4.0+. (But dev-platform would be a better
place to ask about that.)

Nick

Matt Brubeck

unread,
May 18, 2011, 1:15:08 PM5/18/11
to
Long ago during the Firefox 2.0 cycle, Mozilla's policy was that each major version would be supported for six months after the next major version was released [1]. Historically, support has actually lasted longer than that. For example, Firefox 3.0 updates lasted until March 30, 2010 (nearly a year after Firefox 3.5 was released), and Firefox 3.5 is still supported today (more than a year after Firefox 3.6 was released).

However, as far as I know there is no current policy specifying a specific length of support for Firefox 3.6 or 4. For Firefox 5 and later, the new version will *be* the security update for the previous version, so users will need to stay on the release channel to be supported and receive updates.

1. https://wiki.mozilla.org/index.php?title=ReleaseRoadmap&oldid=168833

Mike Shaver

unread,
May 18, 2011, 1:45:19 PM5/18/11
to dev-pl...@lists.mozilla.org
On Wed, May 18, 2011 at 1:15 PM, Matt Brubeck <mbru...@mozilla.com> wrote:
> Long ago during the Firefox 2.0 cycle, Mozilla's policy was that each major version would be supported for six months after the next major version was released [1].

"up to six months", actually, though as you say we have always (IIRC)
gone a fair bit longer than that.

Mike

Daniel Veditz

unread,
May 18, 2011, 2:51:40 PM5/18/11
to mozilla.de...@googlegroups.com, dev-pl...@lists.mozilla.org, Matt Brubeck
On 5/18/11 10:15 AM, Matt Brubeck wrote:
> However, as far as I know there is no current policy specifying a
> specific length of support for Firefox 3.6 or 4.

Several people have repeatedly said in public places (newsgroups,
planning meeting, Monday meeting; could not find a blog or wiki
page) that Firefox 5 will be the security update to Firefox 4, and
that there will be no 4.0.2 unless some issue between now and
shipping Fx5 requires a chemspill response.

-Dan Veditz

Asa Dotzler

unread,
May 18, 2011, 2:55:59 PM5/18/11
to


I think we have three obvious options:

1) Just do what we've done in the past and continue offering updates to
3.6 and 4.0 until we are comfortable with the balance between "as long
as it takes to get most users migrated forward" and "until porting
security fixes back becomes unbearable".

2) Pull all the levers at our disposal, including automatic updates to
new major versions, as quickly as we can and stop back-porting all
security updates.

3) Treat 3.6 users differently from 4.0 users because the jump from 3.6
to 4 is much larger than the jump from 4.0 to 5.0. Keep supporting 3.6
with security updates and increasingly loud prompted updates to our
latest release until that number of users is low enough to make the
updates automatic. Make Firefox 5 an automatic update for Firefox 4 users.

I think 3 is the path we're on right now.

- A

Robert Kaiser

unread,
May 18, 2011, 5:00:43 PM5/18/11
to
Mike Shaver schrieb:

Erm, IIRC, it was "at least six months" - and we probably are somewhat
bound to that earlier promise still for 3.6 - we should not be for 4 or
later, but I think we didn't say that very loudly, even though it's been
our understanding for some time.

Robert Kaiser


--
Note that any statements of mine - no matter how passionate - are never
meant to be offensive but very often as food for thought or possible
arguments that we as a community needs answers to. And most of the time,
I even appreciate irony and fun! :)

Robert Kaiser

unread,
May 18, 2011, 5:03:31 PM5/18/11
to
Matt Brubeck schrieb:

> However, as far as I know there is no current policy specifying a specific length of support for Firefox 3.6 or 4.

We never stated a _specific_ length ever, we stated a minimum, and for
3.6 we probably need to follow that one.

Firefox 4 should be treated as a member of the new breed in that regard,
and have 5 as its security update.

Actually, we are prolonging the security support for 4 and later, it's
not just a minimum of six months any more, now it's "forever", just that
the security updates always bring features and a new "version" as well. ;-)

Robert Kaisre

Asa Dotzler

unread,
May 18, 2011, 5:26:30 PM5/18/11
to
On 5/18/2011 2:00 PM, Robert Kaiser wrote:
> Mike Shaver schrieb:
>> On Wed, May 18, 2011 at 1:15 PM, Matt Brubeck<mbru...@mozilla.com>
>> wrote:
>>> Long ago during the Firefox 2.0 cycle, Mozilla's policy was that each
>>> major version would be supported for six months after the next major
>>> version was released [1].
>>
>> "up to six months", actually, though as you say we have always (IIRC)
>> gone a fair bit longer than that.
>
> Erm, IIRC, it was "at least six months" - and we probably are somewhat
> bound to that earlier promise still for 3.6

Actually that's wrong. The exact text of our commitment was:

"Last release to be supported with official security/stability updates
no more than six months following general available of current release"

You can find this throughout our old roadmap documents.

But we're so far past 6 months for 3.6 that it's a moot point there.

> we should not be for 4 or later, but I think we didn't say that

We've been saying it pretty loudly since before 4 shipped. I'm not going
to worry too much there.

- A

Asa Dotzler

unread,
May 18, 2011, 5:54:00 PM5/18/11
to
On 5/18/2011 2:03 PM, Robert Kaiser wrote:
> Matt Brubeck schrieb:
>> However, as far as I know there is no current policy specifying a
>> specific length of support for Firefox 3.6 or 4.
>
> We never stated a _specific_ length ever, we stated a minimum

As I said in my earlier comment, that is incorrect. We stated a maximum
-- one that we've regularly ignored for the last few years in favor of
trying to keep users on a secure version of Firefox.

- A

John Thomsen

unread,
May 18, 2011, 6:37:53 PM5/18/11
to dev-pl...@lists.mozilla.org
On 2011-05-18 23:26, Asa Dotzler wrote:
> On 5/18/2011 2:00 PM, Robert Kaiser wrote:
>> Erm, IIRC, it was "at least six months" - and we probably are somewhat
>> bound to that earlier promise still for 3.6
>
> Actually that's wrong. The exact text of our commitment was:
>
> "Last release to be supported with official security/stability updates
> no more than six months following general available of current release"
>
> You can find this throughout our old roadmap documents.

Okay.

It is also possible to find the opposite statement. According to [1]
talking about Firefox 3:

"our policy is that there's a minimum of 6 months support after n+1
version is out"

However, it doesn't really matter, because it is hard to gracefully kill
these old major versions within 6 months anyway.


> But we're so far past 6 months for 3.6 that it's a moot point there.

You're thinking of 3.5 not 3.6, I believe. See list below compiled from
release notes and other notes:

FF 1.0 had updates for about 6 months after 1.5
FF 1.5 had updates for about 7 months after 2.0
FF 2.0 had updates for about 6 months after 3.0
FF 3.0 had updates for about 9 months after 3.5
FF 3.5 is still alive 16 months after 3.6
FF 3.6 is still alive 2 months after 4.0
FF 4.0 will be unsupported the moment FF 5.0 is released
FF 5.0 will be unsupported the moment FF 6.0 is released
FF 6.0 will be unsupported the moment FF 7.0 is released
...


Regards,
John

[1] https://wiki.mozilla.org/Firefox/Planning/2010-01-27

Asa Dotzler

unread,
May 18, 2011, 7:03:13 PM5/18/11
to
On 5/18/2011 3:37 PM, John Thomsen wrote:
> On 2011-05-18 23:26, Asa Dotzler wrote:
>> On 5/18/2011 2:00 PM, Robert Kaiser wrote:
>>> Erm, IIRC, it was "at least six months" - and we probably are somewhat
>>> bound to that earlier promise still for 3.6
>>
>> Actually that's wrong. The exact text of our commitment was:
>>
>> "Last release to be supported with official security/stability updates
>> no more than six months following general available of current release"
>>
>> You can find this throughout our old roadmap documents.
>
> Okay.
>
> It is also possible to find the opposite statement. According to [1]
> talking about Firefox 3:
>
> "our policy is that there's a minimum of 6 months support after n+1
> version is out"

That's a mis-statement of our policy in a page of meeting notes. Sure
you can find all kinds of wrong information if you go digging for it.
The policy is a maximum of 6 months and it has been for years.

>
>> But we're so far past 6 months for 3.6 that it's a moot point there.
>
> You're thinking of 3.5 not 3.6, I believe.

Yes, I was confusing 3.6 and 3.6. Sorry about that. 3.6 will be getting
at least one more security and stability update at approximately the
same time as Firefox 5 is released.

- A

Daniel Cater

unread,
May 18, 2011, 7:15:53 PM5/18/11
to
> I was confusing 3.6 and 3.6.

Easily done!

Robert Kaiser

unread,
May 18, 2011, 7:56:32 PM5/18/11
to
John Thomsen schrieb:

> On 2011-05-18 23:26, Asa Dotzler wrote:
>> On 5/18/2011 2:00 PM, Robert Kaiser wrote:
>>> Erm, IIRC, it was "at least six months" - and we probably are somewhat
>>> bound to that earlier promise still for 3.6
>>
>> Actually that's wrong. The exact text of our commitment was:
>>
>> "Last release to be supported with official security/stability updates
>> no more than six months following general available of current release"
>>
>> You can find this throughout our old roadmap documents.

Interesting, do you have a link for that?

> It is also possible to find the opposite statement. According to [1]
> talking about Firefox 3:
>
> "our policy is that there's a minimum of 6 months support after n+1
> version is out"

That's how I remember it.

Asa Dotzler

unread,
May 18, 2011, 9:30:51 PM5/18/11
to
On 5/18/2011 4:56 PM, Robert Kaiser wrote:
> John Thomsen schrieb:
>> On 2011-05-18 23:26, Asa Dotzler wrote:
>>> On 5/18/2011 2:00 PM, Robert Kaiser wrote:
>>>> Erm, IIRC, it was "at least six months" - and we probably are somewhat
>>>> bound to that earlier promise still for 3.6
>>>
>>> Actually that's wrong. The exact text of our commitment was:
>>>
>>> "Last release to be supported with official security/stability updates
>>> no more than six months following general available of current release"
>>>
>>> You can find this throughout our old roadmap documents.
>
> Interesting, do you have a link for that?

http://replay.web.archive.org/20060414183729/http://wiki.mozilla.org/ReleaseRoadmap

This is where we codified our commitment.

The update comment is "Last release to be supported with official

security/stability updates no more than six months following general

available of current release" and the text of the document is "the last
major release at any given time would be supported with security and
stability updates for up to six months following general availability of
the current release."

"no more than" and "for up to" both clearly communicate that 6 months is
the outer boundary, not the minimum.

That's the support commitment we made. There was no update to change the
commitment from a maximum of 6 months to a minimum of 6 months. Any
support longer than 6 months was because we were not satisfied with
leaving that many users behind. But that was not a change in our
commitment, it was us going above and beyond our commitment because we
thought, in particular circumstances, it was the right thing to do.

>> It is also possible to find the opposite statement. According to [1]
>> talking about Firefox 3:
>>
>> "our policy is that there's a minimum of 6 months support after n+1
>> version is out"
>
> That's how I remember it.

It's still wrong :-)

- A

Robert Kaiser

unread,
May 19, 2011, 8:28:59 AM5/19/11
to
Asa Dotzler schrieb:

> That's the support commitment we made. There was no update to change the
> commitment from a maximum of 6 months to a minimum of 6 months.

Wow, has been widely published wrongly, then, to the point that a lot of
us believed the wrong version. in the view of that, the new model is
even easier to adopt. ;-)

Alan Baxter

unread,
May 22, 2011, 11:00:24 PM5/22/11
to

Oh, dear. I've been linking the RapidRelease wiki in the support
group and the forums. Apparently it's out of date or I misunderstood
it. Thank you for your clarification. I'll stop linking to it.

https://wiki.mozilla.org/RapidRelease#4.0.x_and_Previous_Releases_.5Bjoduinn.2C_.5D
>This section clarifies some questions that have come up about the relationship between Firefox 4 and older and Firefox 5.
>
> 5.0 and newer processes will not be "backported" onto 4.0.x and older releases
> there will be 4.0.x releases and chemspill handling
> branch team is taking over for 4.0.1
> there will be 3.6.x and 3.5.x releases and chemspill handling

--
atb12345 at gmail dot com

Asa Dotzler

unread,
May 23, 2011, 12:38:05 PM5/23/11
to
On 5/22/2011 8:00 PM, Alan Baxter wrote:
> Daniel Veditz<dve...@mozilla.com> wrote:
>> On 5/18/11 10:15 AM, Matt Brubeck wrote:
>>> However, as far as I know there is no current policy specifying a
>>> specific length of support for Firefox 3.6 or 4.
>>
>> Several people have repeatedly said in public places (newsgroups,
>> planning meeting, Monday meeting; could not find a blog or wiki
>> page) that Firefox 5 will be the security update to Firefox 4, and
>> that there will be no 4.0.2 unless some issue between now and
>> shipping Fx5 requires a chemspill response.
>
> Oh, dear. I've been linking the RapidRelease wiki in the support
> group and the forums. Apparently it's out of date or I misunderstood
> it. Thank you for your clarification. I'll stop linking to it.
>
> https://wiki.mozilla.org/RapidRelease#4.0.x_and_Previous_Releases_.5Bjoduinn.2C_.5D

Did you read the introduction to that section?

> *Current Discussions*
> This section documents key discussion points and proposals
> that are in progress or need to happen. It also notes
> anything unclear. Where possible, it documents owners who
> need to give input and/or drive the item to conclusion.

So, this is a discussion section, not an authoritative answers section.

That being said, there already has been a 4.0.x release and there may be
another if a critical security issue arises that requires a "chemspill"
unplanned emergency fix. But that would be an *unplanned* emergency
release and not a planned one. The planned security update for Firefox 4
is Firefox 5.

- A

Daniel Veditz

unread,
May 23, 2011, 1:03:18 PM5/23/11
to dev-pl...@lists.mozilla.org
On 5/22/11 8:00 PM, Alan Baxter wrote:
> Daniel Veditz <dve...@mozilla.com> wrote:
>> that there will be no 4.0.2 unless some issue between now and
>> shipping Fx5 requires a chemspill response.
>
> Oh, dear. I've been linking the RapidRelease wiki in the support
> group and the forums. Apparently it's out of date or I misunderstood
> it. Thank you for your clarification. I'll stop linking to it.

There has been confusion even among the people who have edited that
wiki page.

>> 5.0 and newer processes will not be "backported" onto 4.0.x and older releases

True enough, 4.0.x releases are built and managed in a different
way. Doesn't say anything about the lifetime.

>> there will be 4.0.x releases and chemspill handling
>> branch team is taking over for 4.0.1

Until we stop supporting 4.0.x

>> there will be 3.6.x and 3.5.x releases and chemspill handling

Until we stop supporting them. We have now for 3.5.x: the most
recent 3.5.19 release was the last planned 3.5.x release. Likewise
4.0.1 was the last planned 4.0.x release. There's always the small
possibility of an unplanned ("chemspill") release.

Alan Baxter

unread,
May 23, 2011, 11:16:46 PM5/23/11
to
Asa Dotzler <a...@mozilla.com> wrote:
>The planned security update for Firefox 4
>is Firefox 5.

Thank you for the clarification. I'll take it as being authoritative.

Alan Baxter

unread,
May 23, 2011, 11:29:39 PM5/23/11
to

Thank you for the additional clarification. If Fx 5.0 becomes the
security update for Fx 4.0 like Asa says is planned and contains
security fixes that aren't in Fx 4.0, that seems to suggest that Fx
4.0 becomes insecure and no longer supported. In that case, would its
effective lifetime be over, i.e. it becomes EOL just like Fx 3.0 and
its predecessors?

Christian Legnitto

unread,
May 23, 2011, 11:36:24 PM5/23/11
to Alan Baxter, dev-pl...@lists.mozilla.org

5.0 will be offered as an automatic update. So, in the sense that 3.6.16 is "EOL" when 3.6.17 comes out, yes.

Christian

Alan Baxter

unread,
May 23, 2011, 11:51:50 PM5/23/11
to

I think I understand. There won't be any 4.0.x releases after 5.0 is
released, i.e. 4.0.x will no longer be supported and becomes EOL.

Christian Legnitto

unread,
May 23, 2011, 11:59:43 PM5/23/11
to Alan Baxter, dev-pl...@lists.mozilla.org

Correct. But, this won't be as big of an issue as 3.0 and 3.5. For those, we popped up a window asking people to opt in (major update offer). For 4.0.1 users will need to opt out (minor update offer, like point/security releases). Of course the opt-in method leaves many more people behind.


Henri Sivonen

unread,
May 24, 2011, 4:00:47 AM5/24/11
to dev-pl...@lists.mozilla.org
On Mon, 2011-05-23 at 20:59 -0700, Christian Legnitto wrote:
> Correct. But, this won't be as big of an issue as 3.0 and 3.5. For those, we popped up a window asking people to opt in (major update offer). For 4.0.1 users will need to opt out (minor update offer, like point/security releases). Of course the opt-in method leaves many more people behind.

I thought the plan was to do Chrome-style no-questions-asked updates.
Has the plan changed or did I misunderstand earlier? Or am I
misunderstanding what opt out means now?

--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/

Robert Kaiser

unread,
May 24, 2011, 8:56:30 AM5/24/11
to
Henri Sivonen schrieb:

> On Mon, 2011-05-23 at 20:59 -0700, Christian Legnitto wrote:
>> Correct. But, this won't be as big of an issue as 3.0 and 3.5. For those, we popped up a window asking people to opt in (major update offer). For 4.0.1 users will need to opt out (minor update offer, like point/security releases). Of course the opt-in method leaves many more people behind.
>
> I thought the plan was to do Chrome-style no-questions-asked updates.

It is. I think what Christian means with "opt-out" is that you
explicitely need to turn off updates if you don't want to be
automatically shifted from 4 to 5.

Mike Shaver

unread,
May 24, 2011, 1:20:03 PM5/24/11
to Robert Kaiser, dev-pl...@lists.mozilla.org
That's not what the link says (click and read it carefully!), and I drafted
the policy with beard originally.

It is commonly misunderstood as you have here, though, so something could
have been communicated better for sure.


On May 18, 2011 2:05 PM, "Robert Kaiser" <ka...@kairo.at> wrote:
> Mike Shaver schrieb:
>> On Wed, May 18, 2011 at 1:15 PM, Matt Brubeck<mbru...@mozilla.com>
wrote:
>>> Long ago during the Firefox 2.0 cycle, Mozilla's policy was that each
major version would be supported for six months after the next major version
was released [1].
>>
>> "up to six months", actually, though as you say we have always (IIRC)
>> gone a fair bit longer than that.
>

> Erm, IIRC, it was "at least six months" - and we probably are somewhat

> bound to that earlier promise still for 3.6 - we should not be for 4 or


> later, but I think we didn't say that very loudly, even though it's been
> our understanding for some time.
>

> Robert Kaiser
>
>
> --
> Note that any statements of mine - no matter how passionate - are never
> meant to be offensive but very often as food for thought or possible
> arguments that we as a community needs answers to. And most of the time,
> I even appreciate irony and fun! :)

> _______________________________________________
> dev-planning mailing list
> dev-pl...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-planning

Robert Kaiser

unread,
May 24, 2011, 3:57:57 PM5/24/11
to
Mike Shaver schrieb:

> That's not what the link says (click and read it carefully!), and I drafted
> the policy with beard originally.

Asa cleared that up already and apparently that was a long-carrying
wide-reaching misunderstanding then. In any case, it doesn't change our
policy for the future, I guess, so let's just keep the episode in mind
and try not to have something on that scale come up again. ;-)

Robert Kaiser


--
Note that any statements of mine - no matter how passionate - are never
meant to be offensive but very often as food for thought or possible

arguments that we as a community should think about. And most of the

Kohei Yoshino

unread,
May 24, 2011, 9:37:52 PM5/24/11
to dev-pl...@lists.mozilla.org
I thought Fx4 had the same lifecycle policy as before.
If you change the cycle, you should discuss and announce that *before*
the release, or enterprise users get confused :-(

--
Kohei Yoshino
Marketing & WebDev, Mozilla Japan
http://mozilla.jp/

Mike Shaver

unread,
May 24, 2011, 9:44:15 PM5/24/11
to Kohei Yoshino, dev-pl...@lists.mozilla.org
On Tue, May 24, 2011 at 6:37 PM, Kohei Yoshino
<yos...@mozilla-japan.org> wrote:
> I thought Fx4 had the same lifecycle policy as before.
> If you change the cycle, you should discuss and announce that *before*
> the release, or enterprise users get confused :-(

We discussed the update model for after FF4 quite extensively, I think.

Mike

Kohei Yoshino

unread,
May 24, 2011, 10:00:03 PM5/24/11
to dev-pl...@lists.mozilla.org

I thought this was the decision for Fx4:

http://mozilla.github.com/process-releases/draft/development_overview/
> We'll be using existing branch maintenance processes for
> Firefox 4.0.x and Firefox 3.6.x security and stability updates.

Henri Sivonen

unread,
May 25, 2011, 3:55:25 AM5/25/11
to dev-pl...@lists.mozilla.org
On Tue, 2011-05-24 at 07:58 -0700, Christian Legnitto wrote:
> Indeed. Users will also have an option to opt out before applying if some of their add-ons are known to be incompatible with the new version (it checks and hollers if compat issues ate found)

Ouch. That basically gives third party developers the power to keep
users from getting Firefox security fixes.

If the user has incompatible extensions at the time of the update push
and the user opts not to install the update, will the update be
reattempted when the incompatible extensions are updated to be
compatible? Also, it seems particularly bad if anti-virus extensions,
Skype toolbars and stuff of that nature on Windows are allowed to hold
back updates.

Alexander Limi

unread,
May 25, 2011, 11:34:02 AM5/25/11
to Henri Sivonen, dev-pl...@lists.mozilla.org
On Wed, May 25, 2011 at 12:55 AM, Henri Sivonen <hsiv...@iki.fi> wrote:

> On Tue, 2011-05-24 at 07:58 -0700, Christian Legnitto wrote:
> > Indeed. Users will also have an option to opt out before applying if some
> of their add-ons are known to be incompatible with the new version (it
> checks and hollers if compat issues ate found)
>
> Ouch. That basically gives third party developers the power to keep
> users from getting Firefox security fixes.
>

This is my biggest worry as well. I'd rather disable broken add-ons
temporarily until the author has updated them, especially now that we have
started doing automated version compatibility bumps, so the add-ons on AMO
are mostly handled.

Third-party hosted add-ons (like Skype, antivirus, etc) will have to move
faster under this new model, but they will have to anyway. They shouldn't be
able to stop people from having the latest security fixes, IMO. I'm willing
to go with some pain and aggressively protect our users on this to
straighten out our current (somewhat broken) add-ons story. But I'm also
sympathetic to the other sides in this discussion, it's not an easy choice
to make.

--
Alexander Limi · Firefox UX Team · @limi <http://twitter.com/limi> ·
limi.net

Kohei Yoshino

unread,
May 25, 2011, 9:25:28 PM5/25/11
to dev-pl...@lists.mozilla.org

We're preparing the Rapid Release & Lifecycle FAQ for the upcoming Fx5 beta release in our Japanese locale.
Can anyone answer my question... when and why this policy has been changed?
Does this mean Fx4 will be maintained until this December (6 months after the Fx5 release), right?
We've never heard Fx5 = Fx4 EOL; that's a shocking news.

Christian Legnitto

unread,
May 25, 2011, 9:36:04 PM5/25/11
to Kohei Yoshino, dev-pl...@lists.mozilla.org

The branch maintenance processes are talking about approving fixes, assorted update channels, bug triage, etc....NOT the support level.

Firefox 5 will be the security update for Firefox 4 and delivered as a minor update.

Thanks,
Christian

Mike Connor

unread,
May 25, 2011, 9:53:40 PM5/25/11
to Kohei Yoshino, dev-pl...@lists.mozilla.org

On 2011-05-25, at 9:25 PM, Kohei Yoshino wrote:

> On 11/05/25 11:00, Kohei Yoshino wrote:
>> On 11/05/25 10:44, Mike Shaver wrote:
>>> On Tue, May 24, 2011 at 6:37 PM, Kohei Yoshino
>>> <yos...@mozilla-japan.org> wrote:
>>>> I thought Fx4 had the same lifecycle policy as before.
>>>> If you change the cycle, you should discuss and announce that *before*
>>>> the release, or enterprise users get confused :-(
>>>
>>> We discussed the update model for after FF4 quite extensively, I think.
>>
>> I thought this was the decision for Fx4:
>>
>> http://mozilla.github.com/process-releases/draft/development_overview/
>>> We'll be using existing branch maintenance processes for
>>> Firefox 4.0.x and Firefox 3.6.x security and stability updates.
>
> We're preparing the Rapid Release & Lifecycle FAQ for the upcoming Fx5 beta release in our Japanese locale.
> Can anyone answer my question... when and why this policy has been changed?
> Does this mean Fx4 will be maintained until this December (6 months after the Fx5 release), right?
> We've never heard Fx5 = Fx4 EOL; that's a shocking news.

Hi Kohei,

Just to try to clarify, Fx5 does not automatically mean Fx4 is EOL. As stated, the Fx4 release will follow the old process. However, it's a common misconception that the policy promised a full six months of support past the next release. The actual statement in the previous release roadmap reads as follows [1]:

> Adoption of a consumer focused support lifecycle where only the current plus the last major release at any given time would be supported with security and stability updates for up to six months following general availability of the current release.


The key (and deliberately chosen) wording there is "up to six months" as opposed to "at least six months" meaning we may decide to end support sooner. I do not believe the branch team has made any explicit decisions at this time, but we should avoid making any promises about Firefox 4's EOL date in any official statement at this time.

-- Mike

[1] https://wiki.mozilla.org/ReleaseRoadmap?oldid=168833


Mike Connor

unread,
May 25, 2011, 9:56:00 PM5/25/11
to Mike Connor, Kohei Yoshino, dev-pl...@lists.mozilla.org
Ah, please disregard this, I misunderstood. Christian is responsible for making that call, and he's been clear here!

Kohei Yoshino

unread,
May 25, 2011, 10:00:47 PM5/25/11
to dev-pl...@lists.mozilla.org
On 11/05/26 10:36, Christian Legnitto wrote:

>
> On May 25, 2011, at 6:25 PM, Kohei Yoshino wrote:
>
>> On 11/05/25 11:00, Kohei Yoshino wrote:
>>> On 11/05/25 10:44, Mike Shaver wrote:
>>>> On Tue, May 24, 2011 at 6:37 PM, Kohei Yoshino
>>>> <yos...@mozilla-japan.org> wrote:
>>>>> I thought Fx4 had the same lifecycle policy as before.
>>>>> If you change the cycle, you should discuss and announce that *before*
>>>>> the release, or enterprise users get confused :-(
>>>>
>>>> We discussed the update model for after FF4 quite extensively, I think.
>>>
>>> I thought this was the decision for Fx4:
>>>
>>> http://mozilla.github.com/process-releases/draft/development_overview/
>>>> We'll be using existing branch maintenance processes for
>>>> Firefox 4.0.x and Firefox 3.6.x security and stability updates.
>>
>> We're preparing the Rapid Release & Lifecycle FAQ for the upcoming Fx5 beta release in our Japanese locale.
>> Can anyone answer my question... when and why this policy has been changed?
>> Does this mean Fx4 will be maintained until this December (6 months after the Fx5 release), right?
>> We've never heard Fx5 = Fx4 EOL; that's a shocking news.
>
> The branch maintenance processes are talking about approving fixes, assorted update channels, bug triage, etc....NOT the support level.
>
> Firefox 5 will be the security update for Firefox 4 and delivered as a minor update.

Is that new policy described/documented somewhere?

https://wiki.mozilla.org/RapidRelease also says
> End-of-Life:
> * As part of the faster cadence, FF5.0 automatically EOL's when FF6.0 is released with users getting silent updates.
> * For the previous FF4.0.x, FF3.6.x, FF3.5.x releases, we had different policy in place at the time of release.
> While there were problems with the previous policy, we still need to respect other projects (and the users)
> that still depend on these older code lines.

So the Linux distros and enterprise users might think the Fx4 lifecycle policy is the same as before.
End users (and we) are OK even if there's no more 4.0.x, but *please respect* those projects and enterprises
and please announce such important policy change before the release...

Thank you,
-Kohei

Christian Legnitto

unread,
May 25, 2011, 10:23:26 PM5/25/11
to Kohei Yoshino, dev-pl...@lists.mozilla.org


We've been saying it in meetings/calls and in various dev-planning threads FWIW. Honestly, the whole release process is a big unknown and may need to be adjusted after Firefox 5's release (though we hope and don't think it will). Obviously, one of the critical pieces we are watching is how Firefox 5 relates to 4, add-on compatibility, impact on partners, support expectations, dropped platforms, etc.

We most definitely reserve the right to change the plan later due to new information or invalid assumptions but we are currently driving to mark Firefox 4 as unsupported when Firefox 5 comes out. We don't intend to have a large user base on the older version because we are switching to opt-out (minor/unadvertised) rather than opt-in (major/advertised). It is our intention to make Firefox 4 to Firefox 5 as much of a non-event as possible, similar to how 3.6.16 to 3.6.17 is.

We are also discussing handing off older repositories to the community if they wish to continue support (as was done for 3.0). It would definitely be nice to have some real bug/repo policies in place before the actual time comes.

Thanks,
Christian

Asa Dotzler

unread,
May 26, 2011, 4:35:49 AM5/26/11
to
On 5/25/2011 7:00 PM, Kohei Yoshino wrote:
> On 11/05/26 10:36, Christian Legnitto wrote:
>> Firefox 5 will be the security update for Firefox 4 and delivered as a minor update.
>
> So the Linux distros and enterprise users might think the Fx4 lifecycle policy is the same as before.


And the "before" policy was "up to 6 months" which could be zero days or
180 days or any number between those two. There would be no violation of
the old policy if Firefox 4 was unsupported the day Firefox 5 shipped.

We will do what we think is best for the largest number of our users and
that's what we've always done. Our system won't work for some people --
there have been enterprises and distros who wouldn't adapt to our old
model and there will be some that can't adapt to the new one. I think,
however, it's important to note that there is no violation of our
commitment in this change. We are under no obligation to support older
releases any longer than we deem appropriate and sustainable.

- A

Philip Chee

unread,
May 26, 2011, 5:47:58 AM5/26/11
to
On Wed, 25 May 2011 21:24:24 -0500, Christian Legnitto wrote:

> We are also discussing handing off older repositories to the community if they wish to continue support (as was done for 3.0). It would definitely be nice to have some real bug/repo policies in place before the actual time comes.

I think the TenFourFox PPC build team would definitely be interested in
this. If the Gecko-2.0 branch becomes community supported it might make
it easier for Cameron to get his private PPC patches into the 2.0 tree
(since MoCo wouldn't care too much about what gets checked in there once
it's handed over).

Phil

--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.

Henri Sivonen

unread,
May 26, 2011, 9:09:13 AM5/26/11
to dev-pl...@lists.mozilla.org
On Wed, 2011-05-25 at 19:23 -0700, Christian Legnitto wrote:
> We are also discussing handing off older repositories to the community if they wish to continue support (as was done for 3.0). It would definitely be nice to have some real bug/repo policies in place before the actual time comes.

What would the community do with the repo and why?

I think it is probably already too late to do this, because we've
proceeded a couple on months without landing security fixes and low-risk
regression fixes onto the Firefox 4 branch.

John O'Duinn

unread,
May 26, 2011, 11:29:35 AM5/26/11
to dev-pl...@lists.mozilla.org, Christian Legnitto, Kohei Yoshino
hi Kohei, Christian;


On 5/25/11 7:23 PM, Christian Legnitto wrote:


>
> On May 25, 2011, at 7:00 PM, Kohei Yoshino wrote:
>
>> On 11/05/26 10:36, Christian Legnitto wrote:
>>>

>>> On May 25, 2011, at 6:25 PM, Kohei Yoshino wrote:
>>>
>>>> On 11/05/25 11:00, Kohei Yoshino wrote:
>>>>> On 11/05/25 10:44, Mike Shaver wrote:
>>>>>> On Tue, May 24, 2011 at 6:37 PM, Kohei Yoshino
>>>>>> <yos...@mozilla-japan.org> wrote:
>>>>>>> I thought Fx4 had the same lifecycle policy as before.
>>>>>>> If you change the cycle, you should discuss and announce that *before*
>>>>>>> the release, or enterprise users get confused :-(
>>>>>>
>>>>>> We discussed the update model for after FF4 quite extensively, I think.
>>>>>
>>>>> I thought this was the decision for Fx4:
>>>>>
>>>>> http://mozilla.github.com/process-releases/draft/development_overview/
>>>>>> We'll be using existing branch maintenance processes for
>>>>>> Firefox 4.0.x and Firefox 3.6.x security and stability updates.
>>>>
>>>> We're preparing the Rapid Release & Lifecycle FAQ for the upcoming Fx5 beta release in our Japanese locale.
>>>> Can anyone answer my question... when and why this policy has been changed?
>>>> Does this mean Fx4 will be maintained until this December (6 months after the Fx5 release), right?
>>>> We've never heard Fx5 = Fx4 EOL; that's a shocking news.
>>>
>>> The branch maintenance processes are talking about approving fixes, assorted update channels, bug triage, etc....NOT the support level.
>>>

>>> Firefox 5 will be the security update for Firefox 4 and delivered as a minor update.
>>

>> Is that new policy described/documented somewhere?
>>
>> https://wiki.mozilla.org/RapidRelease also says
>>> End-of-Life:
>>> * As part of the faster cadence, FF5.0 automatically EOL's when FF6.0 is released with users getting silent updates.
>>> * For the previous FF4.0.x, FF3.6.x, FF3.5.x releases, we had different policy in place at the time of release.
>>> While there were problems with the previous policy, we still need to respect other projects (and the users)
>>> that still depend on these older code lines.
>>

>> So the Linux distros and enterprise users might think the Fx4 lifecycle policy is the same as before.

>> End users (and we) are OK even if there's no more 4.0.x, but *please respect* those projects and enterprises
>> and please announce such important policy change before the release...
>
>
> We've been saying it in meetings/calls and in various dev-planning threads FWIW.

I agree the plan of record with faster release cadence is to EOL FF5.0.x
when FF6.0 ships, EOL FF6.0 when FF7.0 ships, etc.

However, I believe the EOL plans for releases shipped before the rapid
release cadence are different. We've got 2 proposals for how to handle
EOL of FF3.5. I've heard some early discussions a while ago, but no
final decision that I am aware of, for how to handle EOL of FF3.6, FF4.0.


Christian, it would be helpful to post your thoughts and/or links to
existing discussions, to keep others in the loop. RelEng for example,
would like to verify that these proposals are mechanically possible
before we all commit to them.

Kohei, sorry for the churn during this transition time. There's a *lot*
going on every week just keeping FF5.0, FF6.0 mechanically on track. If
you see anything that we've dropped or not communicated clearly, please
do raise it. And please keep in mind, while this transition has us all
on our toes, the new faster release cadence will make all our lives (and
our users lives!) (and Firefox!) much better!

tc
John.
=====


> Honestly, the whole release process is a big unknown and may need to be adjusted after Firefox 5's release (though we hope and don't think it will). Obviously, one of the critical pieces we are watching is how Firefox 5 relates to 4, add-on compatibility, impact on partners, support expectations, dropped platforms, etc.
>
> We most definitely reserve the right to change the plan later due to new information or invalid assumptions but we are currently driving to mark Firefox 4 as unsupported when Firefox 5 comes out. We don't intend to have a large user base on the older version because we are switching to opt-out (minor/unadvertised) rather than opt-in (major/advertised). It is our intention to make Firefox 4 to Firefox 5 as much of a non-event as possible, similar to how 3.6.16 to 3.6.17 is.
>

> We are also discussing handing off older repositories to the community if they wish to continue support (as was done for 3.0). It would definitely be nice to have some real bug/repo policies in place before the actual time comes.
>

> Thanks,
> Christian

Robert Kaiser

unread,
May 26, 2011, 12:16:49 PM5/26/11
to
Christian Legnitto schrieb:

> It is our intention to make Firefox 4 to Firefox 5 as much of a non-event as possible, similar to how 3.6.16 to 3.6.17 is.

And I think we are on a quite good way to make it that. The biggest
obstacle I'm seeing so far is add-ons that load binaries - we can't
solve that one easily. All the others should be doable, even if we need
more work on all that.

Philip Chee

unread,
May 26, 2011, 2:31:22 PM5/26/11
to

I believe that Cameron Kaiser is tracking security fixes and I'm fairly
certain that he's been backporting such fixes to his TenFourFox
repository. If the right policies are in place he could push his
changesets to the community repository.

Cameron Kaiser

unread,
May 27, 2011, 1:32:08 PM5/27/11
to
> > > We are also discussing handing off older repositories to the community if they wish to continue support (as was done for 3.0). It would definitely be nice to have some real bug/repo policies in place before the actual time comes.
>
> > What would the community do with the repo and why?
>
> > I think it is probably already too late to do this, because we've
> > proceeded a couple on months without landing security fixes and low-risk
> > regression fixes onto the Firefox 4 branch.
>
> I believe that Cameron Kaiser is tracking security fixes and I'm fairly
> certain that he's been backporting such fixes to his TenFourFox
> repository. If the right policies are in place he could push his
> changesets to the community repository.

I'm always late to these discussions ...

Anyway, yes, I'm continuing development on our internal mozilla-2.0
while we evaluate how amenable Fx5 is to 10.4 PPC (so far we're having
serious problems with the port, unfortunately). TenFourFox 4.0.2 is
due to come out this weekend with security issues I've backported. I
would not mind being effectively the driver for 2.0, but I don't know
who else is out there downstream -- other than SeaMonkey, which if I
understand Philip and Robert correctly will move to Mozilla 5, I think
we're the only ones based on it. Dan Veditz has reenabled the flag for
approval-2.0 and at least one bug has landed post-Macaw under that
basis (I think biesi landed the multiple cookies bug), and that and
others will be in "4.0.2." I've taken pains in the release notes to
remind people this is not based on any official Firefox release.

If we can't get Fx5 on 10.4 PPC, then the next move is to start
backporting high-yield Fx5 features to a TenFourFox "4.1". Some of the
low-hanging fruit and low-risk bug fixes are already slated for our
4.0.3 (pending our crack community hackers taking a whack on the Fx5
build system where I have failed). I suspect this would be
controversial on an official release branch, but if this were kosher
I'd be happy to spearhead and maintain it.

Cameron Kaiser

Jean-Marc Desperrier

unread,
May 27, 2011, 7:35:53 PM5/27/11
to
On 26/05/2011 04:23, Christian Legnitto wrote:
> we are currently driving to mark Firefox 4 as unsupported when
> Firefox 5 comes out. We don't intend to have a large user base on the
> older version because we are switching to opt-out
> (minor/unadvertised) rather than opt-in (major/advertised).

IMO it would be better to use a model more similar to the one of Ubuntu.
For example : One out of 8 releases (^=one a year) is a LTS release that
*will* get security update and will EOL only after the next LTS release
is out.

Normal users get updated to each new release, but people who need the
stability and don't care about frequent functionality update can stay on
the LTS release for a whole year.

> It is our
> intention to make Firefox 4 to Firefox 5 as much of a non-event as
> possible, similar to how 3.6.16 to 3.6.17 is.

There necessarily will be a portion of users for which it won't be a
non-event, it can't stay a non-event for everybody a long time, or it
would mean that this new model slows down functional changes.

Asa Dotzler

unread,
May 27, 2011, 7:46:30 PM5/27/11
to
On 5/27/2011 4:35 PM, Jean-Marc Desperrier wrote:
> On 26/05/2011 04:23, Christian Legnitto wrote:
>> we are currently driving to mark Firefox 4 as unsupported when
>> Firefox 5 comes out. We don't intend to have a large user base on the
>> older version because we are switching to opt-out
>> (minor/unadvertised) rather than opt-in (major/advertised).
>
> IMO it would be better to use a model more similar to the one of Ubuntu.
> For example : One out of 8 releases (^=one a year) is a LTS release that
> *will* get security update and will EOL only after the next LTS release
> is out.
>
> Normal users get updated to each new release, but people who need the
> stability and don't care about frequent functionality update can stay on
> the LTS release for a whole year.


Sounds nice. Are you offering to maintain security and stability updates
for all previous releases between LTS updates? There's no free lunch here.

>> It is our
>> intention to make Firefox 4 to Firefox 5 as much of a non-event as
>> possible, similar to how 3.6.16 to 3.6.17 is.
>
> There necessarily will be a portion of users for which it won't be a
> non-event, it can't stay a non-event for everybody a long time, or it
> would mean that this new model slows down functional changes.

The new model doesn't slow down functional change. Change happens at
about the same rate year to year, but things ship when they're ready
rather than batching them up for long periods.

- A

Daniel Veditz

unread,
May 27, 2011, 10:38:56 PM5/27/11
to Asa Dotzler, dev-pl...@lists.mozilla.org
On 5/27/11 4:46 PM, Asa Dotzler wrote:
> On 5/27/2011 4:35 PM, Jean-Marc Desperrier wrote:
>> Normal users get updated to each new release, but people who need the
>> stability and don't care about frequent functionality update can
>> stay on the LTS release for a whole year.
>
> Sounds nice. Are you offering to maintain security and stability
> updates for all previous releases between LTS updates? There's no
> free lunch here.

He's not the one with several hundred million users. We won't know
the effects of the new plan for a while, but if it results in users
smeared across lots of old versions Mozilla might be better off
supporting a more conservative upgrade path in addition to the quick
cycle.

We have no data, it's premature to guess whether we need to do so
until after we release Firefox 6 (yes, 6 -- 5 represents the
transition and likely won't be typical).

You don't fall back to "plan B" until after you've given "plan A" a
chance.

-Dan

Asa Dotzler

unread,
May 28, 2011, 1:08:27 AM5/28/11
to
On 5/27/2011 7:38 PM, Daniel Veditz wrote:
> On 5/27/11 4:46 PM, Asa Dotzler wrote:
>> On 5/27/2011 4:35 PM, Jean-Marc Desperrier wrote:
>>> Normal users get updated to each new release, but people who need the
>>> stability and don't care about frequent functionality update can
>>> stay on the LTS release for a whole year.
>>
>> Sounds nice. Are you offering to maintain security and stability
>> updates for all previous releases between LTS updates? There's no
>> free lunch here.
>
> He's not the one with several hundred million users. We won't know
> the effects of the new plan for a while, but if it results in users
> smeared across lots of old versions Mozilla might be better off
> supporting a more conservative upgrade path in addition to the quick
> cycle.

Why would it result in users smeared across versions? If it's an
unprompted update, it should match what we've seen for unprompted
updates in the past -- very solid update rates.

The suggestion that we should maintain security updates for 8 or 9
releases every year is just silly unless he's willing to step up and
offer the resources to do that. That's the whole point of my reply.

- A

Boris Zbarsky

unread,
May 28, 2011, 2:22:57 AM5/28/11
to
On 5/28/11 1:08 AM, Asa Dotzler wrote:
> The suggestion that we should maintain security updates for 8 or 9
> releases every year

That wasn't the suggestion. The suggestion was that there be _one_
release a year that we maintain security updates for.

So say we ship Fx 5 and designate that as the LTS release for this year.
Then we would ship Fx 6, 7, 8, 9, 10, 11, 12, 13, which gets us to
about June 2012. In parallel we would be shipping security updates to
Fx5 _only_ by packporting security fixes from ongoing work to just the
Fx5 relbranch.

Then we designate the Fx 13 or Fx 14 release as the new LTS release,
end-of-life Fx5, and repeat.

I'm not sure this is something we should worry about at this stage; if
it turns out that our new release schedule is really not working for a
large fraction of our users, then we should worry about this. But the
suggestion that was made is much saner than what I think you read it to be.

-Boris

Henri Sivonen

unread,
May 28, 2011, 4:16:40 AM5/28/11
to dev-pl...@lists.mozilla.org
On Sat, 2011-05-28 at 02:22 -0400, Boris Zbarsky wrote:
> I'm not sure this is something we should worry about at this stage; if
> it turns out that our new release schedule is really not working for a
> large fraction of our users, then we should worry about this. But the
> suggestion that was made is much saner than what I think you read it to be.

I think we shouldn't worry about this now, but a comment about the LTS
idea:

Ubuntu needs LTS releases, because they break basic stuff in normal
releases. That is, their QA process isn't very good or they don't act on
the output of the QA process well enough. I think the key problem of
Ubuntu is that their release schedule is date-driven but their still do
feature-driven development so they ship broken stuff when the
pre-announced release day comes. Our now process is different in the
sense that features are supposed to be allowed to miss release trains if
they aren't ready.

Our QA process lets regressions slip though, too. However, running a
pre-release version of a browser is much easier that running a
pre-release operation system (on real hardware to see real driver bugs).
So in the Firefox case, unlike it the Ubuntu case, it should be pretty
easy for any organization that relies on Firefox updates not breaking
whatever they want not broken by having a person or two who use Aurora
as their browser within the organization. If we regress something and
it's caught in the Aurora phase, there's still a chance of unregressing
before release or to fix it in their intranet.

(Additionally, we might do better on the regression avoidance front if
we had Opera-style Web feature QA. Opera has QA write test suites from
the spec, which is substantially different to our approach to test
cases.)

On the other hand, people who use IE6, 7 or 8 are basically running LTS
browsers. It's well-known that for Web authors, those browsers are
holding the Web back. I think enabling people (or, rather,
organizations) to run old versions Firefox would also slow down progress
on the Web and, therefore, would not be a good way to implement
Mozilla's mission.

Jesper Kristensen

unread,
May 28, 2011, 6:22:52 AM5/28/11
to
Den 28-05-2011 07:08, Asa Dotzler skrev:
>> He's not the one with several hundred million users. We won't know
>> the effects of the new plan for a while, but if it results in users
>> smeared across lots of old versions Mozilla might be better off
>> supporting a more conservative upgrade path in addition to the quick
>> cycle.
>
> Why would it result in users smeared across versions? If it's an
> unprompted update, it should match what we've seen for unprompted
> updates in the past -- very solid update rates.

Hopefully, but it is not given. Add-on authors are told to make their
maxVersion x.y.*, so add-ons may become incompatible at every single
unprompted update. From what I have read, updates still require opt-in
if it results in incompatible add-ons. (is this still the plan?) This is
handled for AMO hosted add-ons, but my experience from support forums is
that add-ons not hosted on AMO experience incompatibilities far more
frequently.

I don't think a LTS release is a solution, I just want to say that the
automatic update process is very uncertain.

Jean-Marc Desperrier

unread,
May 30, 2011, 3:00:19 PM5/30/11
to
Asa Dotzler wrote:
>> IMO it would be better to use a model more similar to the one of Ubuntu.
>> For example : One out of 8 releases (^=one a year) is a LTS release that
>> *will* get security update and will EOL only after the next LTS release
>> is out.
>>
>> Normal users get updated to each new release, but people who need the
>> stability and don't care about frequent functionality update can stay on
>> the LTS release for a whole year.
>
> Sounds nice. Are you offering to maintain security and stability updates
> for all previous releases between LTS updates? There's no free lunch here.

In that scenario, there would be only two versions supported in parallel :
- during this year, current version and Fx 5
- during next year, current version and Fx 13, etc.
This is less that what Mozilla was doing until now.

However I perfectly agree that this plan makes sense only if you really
get a strong demand for those LTS versions, if some people really find
the current plan unworkable for them (and can justify why).

Maybe I just missed it but I didn't see what kind of reactions you got
from Linux distributions about the new rapid release schedule ?
They're the primary target that I'd expect to be up in arms over their
need for LTS versions (and to whom you could tell that they *need* to
get involved in the security patch ports for the LTS version or then it
won't happen).

Henri Sivonen

unread,
May 31, 2011, 1:35:27 AM5/31/11
to dev-pl...@lists.mozilla.org
On Mon, 2011-05-30 at 21:00 +0200, Jean-Marc Desperrier wrote:
> Maybe I just missed it but I didn't see what kind of reactions you got
> from Linux distributions about the new rapid release schedule ?
> They're the primary target that I'd expect to be up in arms over their
> need for LTS versions (and to whom you could tell that they *need* to
> get involved in the security patch ports for the LTS version or then it
> won't happen).

The "need" of LTS versions for Linux distros is a policy matter that can
be fixed by adjusting distro policies so that LTS versions aren't
"needed".

It's worth noting that Ubuntu already updates Chromium with
features--not just security fixes--at Google's schedule. That is, Ubuntu
puts the latest Chromium in their repos even after a distribution
release has been shipped.

Debian, OTOH, ships an ancient version of Chromium. It would be
interesting to know if users actually want to use the ancient version or
if users who want Chrome/Chromium add a repo that gives them the latest
anyway. After all, the Web that the ancient Chromium is supposed to
interact with moves on assuming that everyone who uses Chrome has the
latest Chrome without caring about Debian sticking to an ancient
Chromium.

Freezing app versions could be considered a bug. See
http://www.omgubuntu.co.uk/2011/05/the-evolution-of-the-personal-package-archive-system/

Georg Maaß

unread,
Jun 12, 2011, 11:30:06 AM6/12/11
to
Boris Zbarsky wrote:
> So say we ship Fx 5 and designate that as the LTS release for this year.
> Then we would ship Fx 6, 7, 8, 9, 10, 11, 12, 13, which gets us to about
> June 2012. In parallel we would be shipping security updates to Fx5
> _only_ by packporting security fixes from ongoing work to just the Fx5
> relbranch.
>
> Then we designate the Fx 13 or Fx 14 release as the new LTS release,
> end-of-life Fx5, and repeat.

This is a model I can live with, because then the LTS is "the real
release" with feature freeze on top of which I can build my
applications, but jumping from fx 5 to 6 to 7 and so on each with
internal differences and possibility of incompatibility, when I update
for desired security fixes only, is like running directly on the daily
nightlies, which is just a nightmare.

Robert Accettura

unread,
Jun 12, 2011, 11:52:19 AM6/12/11
to Georg Maaß, dev-pl...@lists.mozilla.org
12 months seems short to designate LTS for a distros or corporate
deployments (while it is a long time in the browser world). Any data
behind the number 12 vs 18 or 24? Would a longer window (strictly
security bug fixes) lead to more deployments?

Georg Maaß

unread,
Jun 12, 2011, 12:10:35 PM6/12/11
to
Robert Accettura wrote:
> 12 months seems short to designate LTS for a distros or corporate
> deployments (while it is a long time in the browser world). Any data
> behind the number 12 vs 18 or 24? Would a longer window (strictly
> security bug fixes) lead to more deployments?

36 months would be much better for on top products (especially XULRUnner
apps), because development of on top products like XULRunner apps can
not start before the release has been deployed, so with the rapid
release cycle the on top products will be always more or less
incompatible with the current release or insecure if they ship with an
outdated XULRunner.

For those who decided to introduce that rapid release cycle 12 months
might be a compromise they could agree too.

For XULRunner apps with 1 or two developers only working only weekend
per weekend on the project the rapid release cycle is a nightmare,
because each update may result in an new unexpected incompatibility
instead of just more security.

beltzner

unread,
Jun 12, 2011, 12:27:55 PM6/12/11
to Georg Maaß, dev-pl...@lists.mozilla.org
While I agree that longer intervals would be better for corporate
deployments and embedders, I'm not at all certain it's the best thing for
the web or for Mozilla.

What do other web stack vendors do? What's the minimum interval for IE or
Chrome, and what for Trident and Webkit?

My instinct is to let corporate deployers catch up to a faster (remember:
we're talking 12 months) cycle, and to get serious about our embedding
story, which presently seems to be caveat emptor, quite honestly (and
perhaps appropriately). We don't have the resources - as a community - to
focus on their problems and on moving the web forward.

cheers,
mike
On 12/06/2011 12:16 PM, "Georg Maaß" <ge...@bioshop.de> wrote:

azakai

unread,
Jun 22, 2011, 2:49:08 PM6/22/11
to
> > I think I understand.  There won't be any 4.0.x releases after 5.0 is
> > released, i.e. 4.0.x will no longer be supported and becomes EOL.
>
> Correct. But, this won't be as big of an issue as 3.0 and 3.5. For those, we popped up a window asking people to opt in (major update offer). For 4.0.1 users will need to opt out (minor update offer, like point/security releases). Of course the opt-in method leaves many more people behind.

Is this still the plan? If so, are we not concerned about a 4 to 5
update breaking addons? And of people staying on 4 because 5 doesn't
support their addons, and consequently being on an EOL'ed browser?

(There is a lot of negativity about both issues on Slashdot right now,
with a link to this thread.)

- azakai