LinuxQuestions.org
Old 04-03-2010, 05:34 PM   #1
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Rep: Reputation: Disabled
Firefox 3.6 Availability as Fedora Package?


Firefox 3.6 has been available for Linux from Mozilla since January. So where is the Fedora package for it? I still get the latest available package being 3.5.9 when I run "yum info firefox*".
 
Old 04-03-2010, 06:50 PM   #2
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050
Fedora 13 is coming next month; it will have the latest Firefox.

If you can't wait that long, you can upgrade to the Fedora 13 Alpha, or just go here: http://www.mozilla.com/en-US/firefox/personal.html
 
Old 04-03-2010, 08:14 PM   #3
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine
Fedora 13 is coming next month; it will have the latest Firefox.

If you can't wait that long, you can upgrade to the Fedora 13 Alpha, or just go here: http://www.mozilla.com/en-US/firefox/personal.html
Well, you know how it is. Mozilla wants us to update immediately because of security issues. And really, we should expect that hackers will go after outdated versions of Firefox as "low hanging fruit": their security flaws are publicized and therefore easy to take advantage of.

So if the package maintainers are not going to be prompt in updating the package to follow Mozilla's updates, the more responsible thing to do would be to not package it AT ALL, and have everyone download security updates straight from Mozilla.
 
Old 04-03-2010, 08:44 PM   #4
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050
Quote:
Originally Posted by mejohnsn
Well, you know how it is. Mozilla wants us to update immediately because of security issues. And really, we should expect that hackers will go after outdated versions of Firefox as "low hanging fruit": their security flaws are publicized and therefore easy to take advantage of.

So if the package maintainers are not going to be prompt in updating the package to follow Mozilla's updates, the more responsible thing to do would be to not package it AT ALL, and have everyone download security updates straight from Mozilla.
You misunderstand how "stable release" distros like Fedora, Ubuntu, Debian, Red Hat, etc. handle updates.

If a security vulnerability is discovered, they "patch" the existing version in the repositories, rather than release a new version of the application.

For example, Red Hat, CentOS, Debian Stable, and Ubuntu long-term-support all use Firefox 3.0. Why do so many choose these distros if they are really "low hanging fruit" as you claim?

Sounds like you might be happier with a "rolling release" distro, like Arch, if application version numbers are more important to you than a stable and secure system. Rolling release distros get the latest application versions as they become available, rather than being organized into periodic, time-based releases.

Last edited by snowpine; 04-03-2010 at 08:56 PM.
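
An added example, not part of any post in this thread: because a stable-release package can carry backported fixes under an unchanged upstream version, the package changelog is where the patch level shows. The sample changelog, its release numbers and its CVE ids are constructed placeholders; on a real system the input would come from `rpm -q --changelog firefox`.

```shell
#!/bin/sh
# Judge a package's patch level from its changelog, not its upstream version.

# Constructed sample in the layout printed by `rpm -q --changelog <pkg>`.
# Maintainer, dates, release numbers and CVE ids are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Thu Apr 01 2010 Example Maintainer <maint@example.org> - 3.5.9-2
- Backport fix for CVE-0000-0002
- Backport fix for CVE-0000-0003 and CVE-0000-0002 follow-up

* Mon Mar 01 2010 Example Maintainer <maint@example.org> - 3.5.9-1
- Update to 3.5.9
- Fixes CVE-0000-0001
EOF
}

# Read changelog text on stdin; print each distinct CVE id once, sorted.
backported_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Read changelog text on stdin; print the version-release of every entry
# whose body mentions a CVE, i.e. the builds that carried security fixes.
security_builds() {
    awk '
        /^\* / { evr = $NF; next }   # entry header ends with version-release
        /CVE-[0-9]+-[0-9]+/ && !seen[evr]++ { print evr }
    '
}

# Read changelog text on stdin; succeed only if the given CVE id is listed.
# -w stops a shorter id from matching as a prefix of a longer one.
has_fix() {
    grep -qwF -- "$1"
}

# Same upstream version (3.5.9), two different builds with different fixes:
sample_changelog | security_builds
```

The release field after the hyphen is what changes when a fix is backported, which is why the same upstream version can correspond to different binaries.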
 
Old 04-03-2010, 11:38 PM   #5
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine
You misunderstand how "stable release" distros like Fedora, Ubuntu, Debian, Red Hat, etc. handle updates.

If a security vulnerability is discovered, they "patch" the existing version in the repositories, rather than release a new version of the application.

For example, Red Hat, CentOS, Debian Stable, and Ubuntu long-term-support all use Firefox 3.0. Why do so many choose these distros if they are really "low hanging fruit" as you claim?

Sounds like you might be happier with a "rolling release" distro, like Arch, if application version numbers are more important to you than a stable and secure system. Rolling release distros get the latest application versions as they become available, rather than being organized into periodic, time-based releases.
I have to admit I was unaware of this distinction. In fact, it takes me quite by surprise. Do I understand you correctly? Are you really saying that the same package containing the same 3.5.9 I downloaded months ago is now a different binary, containing patches discovered since Firefox 3.5.9 was released? Doesn't this defeat the purpose of having version numbers in the first place?

Whatever the answer to that question is, it still leads to another question: when these patches take place in the repositories, do they get included as a Security Update to download in Software Update?

If the answer to the latter is 'yes', then I should have the most up-to-date patches already, except perhaps for the very latest (in FF 3.6.3 released just April 1st).

Last edited by mejohnsn; 04-03-2010 at 11:39 PM.
 
Old 04-04-2010, 12:01 AM   #6
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050
This article explains the concept far more eloquently than I can:

http://www.redhat.com/security/updat...g/?sc_cid=3093
 
Old 04-04-2010, 12:04 AM   #7
John VV
Guru
 
Registered: Aug 2005
Posts: 13,279

Rep: Reputation: 1775
Most of the time a backport is made for the BIG bug fixes. If it is only a very small fix then in the next version (Fedora) it will be added.

BUT
you can always just let Firefox do an auto update from the website. Then add a block in yum so that it is not installed too. That is what I did and do do.
 
Old 04-05-2010, 02:40 AM   #8
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine
This article explains the concept far more eloquently than I can:

http://www.redhat.com/security/updat...g/?sc_cid=3093
That is a good article. Thanks for showing the link. But (and you knew there was a 'but' coming, didn't you?) it only asserts that all this 'backporting' takes place with Red Hat itself, not with Fedora, which is the "development branch" of Red Hat. So it would be completely consistent with that document for backporting to take place ONLY with RedHat releases, which are somewhat more rare -- and quite behind (the list of Fedora capabilities and features).

So do you know that the same backporting described in this article is taking place for every Fedora package too?
 
Old 04-05-2010, 06:23 AM   #9
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050
All reputable Linux distributions practice security backporting (with the exception of "rolling release" distros as I mentioned earlier). Why would anyone use an operating system that doesn't get security updates--it wouldn't make sense.

The Fedora community is very transparent. Drop by fedoraforums.org (or their mailing list) and share your concerns, get involved, hear what the developers have to say.

Also don't forget my link way back in post #2... if you want the latest Firefox, you can have it today, straight from Mozilla.

Last edited by snowpine; 04-05-2010 at 08:25 AM.
 
Old 04-07-2010, 05:00 AM   #10
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine
All reputable Linux distributions practice security backporting (with the exception of "rolling release" distros as I mentioned earlier). Why would anyone use an operating system that doesn't get security updates--it wouldn't make sense.

The Fedora community is very transparent. Drop by fedoraforums.org (or their mailing list) and share your concerns, get involved, hear what the developers have to say.

Also don't forget my link way back in post #2... if you want the latest Firefox, you can have it today, straight from Mozilla.
I haven't forgotten it. Thanks for all these replies, BTW. But to make a rational, or even semi-rational decision concerning whether or not it is worth the bother, I still need an answer to the as yet unanswered questions in this thread.

I am always leery (some would say too leery) of installing software that is NOT delivered via the packaging system: I do not know how much customization the package maintainer finds necessary for adapting the product to Fedora, and do not want to have to keep track of such issues myself. It would have been a mess, for example, if I had installed Sun Java myself instead of using the package, since the package maintainer knew about the Debian system (inherited by Fedora) of links in /etc/alternatives, and I did not.

It was already bad enough that I had to use an RPM package instead of yum
 
Old 04-07-2010, 05:02 AM   #11
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine
All reputable Linux distributions practice security backporting (with the exception of "rolling release" distros as I mentioned earlier). Why would anyone use an operating system that doesn't get security updates--it wouldn't make sense.
Yet people do it. Lots of people. They do it often. The most common such OS, of course, is Windoze

BTW: how am I supposed to know which distros are 'reputable'. They all CLAIM to be.
 
Old 04-07-2010, 08:57 AM   #12
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 3,921

Rep: Reputation: 1050
I would consider anything on the Distrowatch "major distros" page to be reputable for sure (Fedora is on the list): http://distrowatch.com/dwres.php?resource=major

If you want to learn more about Fedora development, visit their mailing list and forum, ask questions, help out, get involved.
 
  

