svn commit: r413726 - in head: Mk/Uses www/firefox www/firefox-esr www/firefox-esr-i18n www/firefox-esr/files www/firefox-i18n www/firefox/files www/libxul www/libxul/files www/linux-firefox

Jan Beich jbeich at FreeBSD.org
Sun Apr 24 16:45:16 UTC 2016 

Tijl Coosemans <tijl at FreeBSD.org> writes:

> On Thu, 21 Apr 2016 11:18:13 +0000 (UTC) Jan Beich <jbeich at FreeBSD.org> wrote:
>
>> Author: jbeich
>> Date: Thu Apr 21 11:18:13 2016
>> New Revision: 413726
>> URL: https://svnweb.freebsd.org/changeset/ports/413726
>> 
>> Log:
>>   www/firefox{,-esr}: update to 46.0 (rc4) / 45.1esr
>
> I don't think you should commit release candidates to the main port.

Firefox release candidates are not of beta quality, especially less than
a week before the (scheduled) announcement. At this point anything not
found during beta lifecycle is likely specific to FreeBSD or the port
(e.g. patches, configure options). For one, OMTC crashes weren't noticed
before firefox 40.0 merged to /head. If you fear stability issues switch
to www/firefox-esr.

There's also a vulnerability window 1-2 weeks before each release when
security fixes have landed but not yet propagated to users. One way to
find them is to look for commits associated with "access denied" bugs,
except those hiding corporate details. Mozilla wants downstream to get
the fixes on the release day but given FreeBSD is Tier3 platform
(i.e. regressions don't block) we won't get them unless pkg.freebsd.org
is given a few days to build. OTOH, Tier1 platforms can just ignore
downstream e.g.,

https://blog.mozilla.org/futurereleases/2016/04/21/firefox-default-browser-for-linux-users-ubuntu-new-snap-format-coming-soon/

> Create www/firefox-beta for that or something.

Who is going to use it? Why should I care about the rest of gecko@ then?
www/firefox-nightly would be more interesting but I've burnt out maintaining
it once and not confident this won't repeat.

>
>>   Changes:	https://www.mozilla.org/firefox/46.0/releasenotes/
>>   Changes:	https://www.mozilla.org/firefox/45.1.0/releasenotes/
>>   Security:	92d44f83-a7bf-41cf-91ee-3d1b8ecf579f
>
> What does this number refer to?

"Reserved" in the spirit of CVEs. ;) That VuXML entry will be populated
once the new batch of MFSAs is published with 46.0 release announcement.

--
Not sure what's the issue here other than maintainer has to be careful
in order to avoid churn of too many release candidates and annoy users.
If the candidate is promoted to release there's nothing to do.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 602 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20160424/63bcd4f9/attachment.sig>

More information about the svn-ports-all mailing list