On 10/03/2013 05:44 PM, Marko Randjelovic wrote:
> On Thu, 03 Oct 2013 14:37:22 +0200
> Paul van der Vlis <[email protected]> wrote:
>
>> Hello,
>>
>> In some cases security updates for packages in main are realized by
>> new releases, e.g. Iceweasel and Wordpress. Such packages can give
>> problems, e.g. in Wordpress there are missing themes.
>>
>> In my opinion such packages should be added to backports and then
>> declared "end of life" in main. I think it's common to take extra care
>> with backports.
>>
>> Backports could be enabled by default in a new release, e.g. to have
>> Iceweasel in a fresh install.
>>
>> What's your opinion?
>>
>> With regards,
>> Paul van der Vlis.
>>
>
> Obviously, web browser and web applications are critical for security because
> they are exposed to eventual attacks. Hence, I agree they should not be
> updated to new upstream version but instead only backported with security
> patches. But with web browser situation is even more complicated because web
> sites are constantly using newer features, support for old browsers is
> dropped and old browser gradually become less and less usable. It is not the
> problem with Debian, but with relevant web sites, i.e. their way of
> development, but we must provide people who need it new web browsers and I
> agree it should be via backports. But probably we could also provide some
> intermediary solution, e.g. Konqueror backport that will not be newest, but
> newer than in stable?
>

Konqueror isn't a solution, because most websites check your browser strings
and use Flash, JavaScript and so on. Yes, I know that I can change these
strings, but in most cases this isn't enough if I want to use the website.

I use Debian stable for my everyday use, and the current situation, how
Iceweasel and Icedove are now upgraded, is good for me. This is quite a good
compromise between usability and convenience. Remember, the Debian version is
ESR and not the latest one. I have used stable as my main version for over ten
years, and this is the first time I can use websites most of the time without
installing a newer package from somewhere or rolling my own package.

When you use backports, I think a lot of people are quite confused, because
apt-cache show package shows 2 and sometimes 3 (if the user uses a third-party
repo, e.g. deb-multimedia) of the same program, and the only difference is the
version number.

When you run apt-get install boinc you get version 7.0.27+dfsg-5,
and when you run apt-get -t wheezy-backports install boinc
you get version 7.0.65+dfsg-3~bpo70+1.

How can an ordinary user handle this? apt-get install package refuses to
install the latest version, and when they understand how to install the latest
version, they install a lot of packages from backports and break their
installation.

If I remember correctly, it's very difficult to take a security patch from
Firefox, because the whole code is totally different, for example version 17
vs 24. The security team should first evaluate whether our version is broken
and then make a new patch from scratch, and a possible security patch gives
only an idea of what they should do.

Just my thoughts,
Riku

