On Sat, Aug 3, 2013 at 12:51 AM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:

>> This adds too much risk of security patches failing to backport from
>> mozilla-central to ESR 24. Remember that one of the design goals of ESR
>> is to minimize the amount of effort we put into it so that ESR doesn't
>> slow down real Firefox. AFAICT, most people don't even want ESR at all.
>> So, a constraint to keep ESR 24 compatible with GCC needs to include
>> some resources for doing the backports.
>
> How does this add too much risk? Patches that we backport to ESR are
> usually fairly small, and there is already some risk involved as the
> codebases diverge, of course.

There are two kinds of risks: The risk that any developer would need to waste time on ESR just to support a product that isn't even Firefox on a platform that virtually nobody uses, and the risk that comes with making any changes to the security fix that you are trying to backport. The ideal case (assuming we can't just kill ESR) is that your backport consists of "hg graft" and "hg push" and you're done. That is what we should optimize for, as far as supporting ESR is concerned.

You are right, of course, that ESR and mozilla-central diverge as mozilla-central is improved and there are likely to be merge conflicts. But, we should not contribute to that divergence unnecessarily.

How many developers are even insisting on building Firefox on a Linux distro that insists on using GCC 4.4, who are unwilling to upgrade their compiler? We're talking about a very, very small minority of people, AFAICT. I know one of those people is Mike, who is a very, very important Mozillian to whom I definitely do not intend any insult. But, it really does seem to me that instead of us trying to bend to the desires of the most conservative distros, the rational decision is to ask those distros who insist on using very old tools for very long periods of time to solve the problem that they've caused themselves with their choices.
I think we could still feel really good about how Linux-friendly we are even if we shifted more of these kinds of burdens onto the distros. Again, no offense intended for Mike or any other maintainer of any Linux distro. I have nothing against Debian or any group.

Cheers,
Brian
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)