From owner-svn-ports-all@freebsd.org Sun Apr 24 16:45:16 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72A51B1B920 for ; Sun, 24 Apr 2016 16:45:16 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: from vfemail.net (onethreetwo.vfemail.net [199.16.11.132]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 18D1F1710 for ; Sun, 24 Apr 2016 16:45:15 +0000 (UTC) (envelope-from jbeich@freebsd.org) Received: (qmail 31214 invoked by uid 89); 24 Apr 2016 16:38:32 -0000 Received: from localhost (HELO freequeue.vfemail.net) (127.0.0.1) by localhost with (DHE-RSA-AES256-SHA encrypted) SMTP; 24 Apr 2016 16:38:32 -0000 Received: (qmail 31202 invoked by uid 89); 24 Apr 2016 16:38:14 -0000 Received: by simscan 1.3.1 ppid: 31194, pid: 31198, t: 0.0045s scanners:none Received: from unknown (HELO smtp102-2.vfemail.net) (172.16.100.62) by FreeQueue with SMTP; 24 Apr 2016 16:38:14 -0000 Received: (qmail 29833 invoked by uid 89); 24 Apr 2016 16:38:14 -0000 Received: by simscan 1.4.0 ppid: 29811, pid: 29825, t: 0.5988s scanners:none Received: from unknown (HELO nil) (amJlaWNoQHZmZW1haWwubmV0@172.16.100.27) by mail.vfemail.net with ESMTPA; 24 Apr 2016 16:38:14 -0000 From: Jan Beich To: Tijl Coosemans Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r413726 - in head: Mk/Uses www/firefox www/firefox-esr www/firefox-esr-i18n www/firefox-esr/files www/firefox-i18n www/firefox/files www/libxul www/libxul/files www/linux-firefox References: <201604211118.u3LBIDqo045010@repo.freebsd.org> <20160424153714.78a11f70@kalimero.tijl.coosemans.org> Date: Sun, 24 Apr 2016 18:38:04 +0200 In-Reply-To: <20160424153714.78a11f70@kalimero.tijl.coosemans.org> (Tijl Coosemans's message of "Sun, 24 Apr 2016 15:37:14 +0200") Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Apr 2016 16:45:16 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Tijl Coosemans writes: > On Thu, 21 Apr 2016 11:18:13 +0000 (UTC) Jan Beich w= rote: > >> Author: jbeich >> Date: Thu Apr 21 11:18:13 2016 >> New Revision: 413726 >> URL: https://svnweb.freebsd.org/changeset/ports/413726 >>=20 >> Log: >> www/firefox{,-esr}: update to 46.0 (rc4) / 45.1esr > > I don't think you should commit release candidates to the main port. Firefox release candidates are not of beta quality, especially less than a week before the (scheduled) announcement. At this point anything not found during beta lifecycle is likely specific to FreeBSD or the port (e.g. patches, configure options). For one, OMTC crashes weren't noticed before firefox 40.0 merged to /head. If you fear stability issues switch to www/firefox-esr. There's also a vulnerability window 1-2 weeks before each release when security fixes have landed but not yet propagated to users. One way to find them is to look for commits associated with "access denied" bugs, except those hiding corporate details. Mozilla wants downstream to get the fixes on the release day but given FreeBSD is Tier3 platform (i.e. regressions don't block) we won't get them unless pkg.freebsd.org is given a few days to build. OTOH, Tier1 platforms can just ignore downstream e.g., https://blog.mozilla.org/futurereleases/2016/04/21/firefox-default-browser-= for-linux-users-ubuntu-new-snap-format-coming-soon/ > Create www/firefox-beta for that or something. Who is going to use it? Why should I care about the rest of gecko@ then? www/firefox-nightly would be more interesting but I've burnt out maintaining it once and not confident this won't repeat. > >> Changes: https://www.mozilla.org/firefox/46.0/releasenotes/ >> Changes: https://www.mozilla.org/firefox/45.1.0/releasenotes/ >> Security: 92d44f83-a7bf-41cf-91ee-3d1b8ecf579f > > What does this number refer to? "Reserved" in the spirit of CVEs. ;) That VuXML entry will be populated once the new batch of MFSAs is published with 46.0 release announcement. =2D- Not sure what's the issue here other than maintainer has to be careful in order to avoid churn of too many release candidates and annoy users. If the candidate is promoted to release there's nothing to do. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJXHPZtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bcTEH/RDJ2RjbclXs2AgenczFziUg FuyHxyMQJ6tnD6L9TK6Zjt5Rh+BmhO7w+Z+nvv7x9zPXO1bTSNYBypmFOexnYzBR eYcdhGlM6sGQ/rCvS9DGREJc/ttOGat3/APuNj+UIWMnnkIbLUfa/UrFhJM+Kotw SSjoe80THJWTFnt08jMC5uECgFdAQocR9qD5gVZ/Ehj5PI9i2i2hkoPGCcmkGsFO 0jHZbyjsNe1k53KkNnt3oGtIn/MDegtpz9zLRBFhRlp5TtnBZCI4ENO4fubez0m4 r+XNhjxIG6oB153Pjqo258FmuqdZKyKC9gUqtvHvG9FyNXZqg7KSaCO6uQOSvO0= =NHcB -----END PGP SIGNATURE----- --=-=-=--