Date: Sun, 24 Apr 2016 18:38:04 +0200 From: Jan Beich <jbeich@FreeBSD.org> To: Tijl Coosemans <tijl@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r413726 - in head: Mk/Uses www/firefox www/firefox-esr www/firefox-esr-i18n www/firefox-esr/files www/firefox-i18n www/firefox/files www/libxul www/libxul/files www/linux-firefox Message-ID: <k2jn-6jyr-wny@vfemail.net> In-Reply-To: <20160424153714.78a11f70@kalimero.tijl.coosemans.org> (Tijl Coosemans's message of "Sun, 24 Apr 2016 15:37:14 %2B0200") References: <201604211118.u3LBIDqo045010@repo.freebsd.org> <20160424153714.78a11f70@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Tijl Coosemans <tijl@FreeBSD.org> writes: > On Thu, 21 Apr 2016 11:18:13 +0000 (UTC) Jan Beich <jbeich@FreeBSD.org> w= rote: > >> Author: jbeich >> Date: Thu Apr 21 11:18:13 2016 >> New Revision: 413726 >> URL: https://svnweb.freebsd.org/changeset/ports/413726 >>=20 >> Log: >> www/firefox{,-esr}: update to 46.0 (rc4) / 45.1esr > > I don't think you should commit release candidates to the main port. Firefox release candidates are not of beta quality, especially less than a week before the (scheduled) announcement. At this point anything not found during beta lifecycle is likely specific to FreeBSD or the port (e.g. patches, configure options). For one, OMTC crashes weren't noticed before firefox 40.0 merged to /head. If you fear stability issues switch to www/firefox-esr. There's also a vulnerability window 1-2 weeks before each release when security fixes have landed but not yet propagated to users. One way to find them is to look for commits associated with "access denied" bugs, except those hiding corporate details. Mozilla wants downstream to get the fixes on the release day but given FreeBSD is Tier3 platform (i.e. regressions don't block) we won't get them unless pkg.freebsd.org is given a few days to build. OTOH, Tier1 platforms can just ignore downstream e.g., https://blog.mozilla.org/futurereleases/2016/04/21/firefox-default-browser-= for-linux-users-ubuntu-new-snap-format-coming-soon/ > Create www/firefox-beta for that or something. Who is going to use it? Why should I care about the rest of gecko@ then? www/firefox-nightly would be more interesting but I've burnt out maintaining it once and not confident this won't repeat. > >> Changes: https://www.mozilla.org/firefox/46.0/releasenotes/ >> Changes: https://www.mozilla.org/firefox/45.1.0/releasenotes/ >> Security: 92d44f83-a7bf-41cf-91ee-3d1b8ecf579f > > What does this number refer to? "Reserved" in the spirit of CVEs. ;) That VuXML entry will be populated once the new batch of MFSAs is published with 46.0 release announcement. =2D- Not sure what's the issue here other than maintainer has to be careful in order to avoid churn of too many release candidates and annoy users. If the candidate is promoted to release there's nothing to do. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJXHPZtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bcTEH/RDJ2RjbclXs2AgenczFziUg FuyHxyMQJ6tnD6L9TK6Zjt5Rh+BmhO7w+Z+nvv7x9zPXO1bTSNYBypmFOexnYzBR eYcdhGlM6sGQ/rCvS9DGREJc/ttOGat3/APuNj+UIWMnnkIbLUfa/UrFhJM+Kotw SSjoe80THJWTFnt08jMC5uECgFdAQocR9qD5gVZ/Ehj5PI9i2i2hkoPGCcmkGsFO 0jHZbyjsNe1k53KkNnt3oGtIn/MDegtpz9zLRBFhRlp5TtnBZCI4ENO4fubez0m4 r+XNhjxIG6oB153Pjqo258FmuqdZKyKC9gUqtvHvG9FyNXZqg7KSaCO6uQOSvO0= =NHcB -----END PGP SIGNATURE----- --=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?k2jn-6jyr-wny>