subject:"Thunderbird 102 pushed to F36 stable"

Re: Thunderbird 102 pushed to F36 stable

2022-09-08 Thread Eike Rathke

Hi,

On Thursday, 2022-09-08 00:59:17 +0200, Kevin Kofler via devel wrote:

> Sandro wrote:
> > Mozilla's blog entry doesn't substantiate the claim and the linked bug
> > report[1] is not publicly accessible.
> > 
> > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1784838
> 
> The best way then would be to check whether the one-line fix:
> https://hg.mozilla.org/comm-central/log?rev=1784838
> applies (and compiles), and if it does, apply it.
> 
> Though it is moot anyway because Fedora has already been upgraded to 
> Thunderbird 102.2.1. But backporting security fixes should have been 
> considered as an option. I get the impression that it was not even 
> considered.

This misses the point. Here everyone is talking about the fix in
102.2.1, but that is moot anyway because there was an upgrade/rebase to
102.2.0 already a week earlier.

  Eike

-- 
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A


signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Luna Jernberg

and Thunderbird 102.2.2 with Security Fixes was released upstream yesterday

On 9/8/22, Kevin Kofler via devel  wrote:
> Sandro wrote:
>> Mozilla's blog entry doesn't substantiate the claim and the linked bug
>> report[1] is not publicly accessible.
>>
>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1784838
>
> The best way then would be to check whether the one-line fix:
> https://hg.mozilla.org/comm-central/log?rev=1784838
> applies (and compiles), and if it does, apply it.
>
> Though it is moot anyway because Fedora has already been upgraded to
> Thunderbird 102.2.1. But backporting security fixes should have been
> considered as an option. I get the impression that it was not even
> considered.
>
> Kevin Kofler
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Kevin Kofler via devel

Kevin Kofler via devel wrote:
> The best way then would be to check whether the one-line fix:
> https://hg.mozilla.org/comm-central/log?rev=1784838

Actually, there are two parts, and the main one is more than one line.

It had looked to me at a first glance that those are just the same commit 
applied (cherry-picked) to two branches, but they are different (and looking 
closer at the commit message would have made that clear).

> applies (and compiles), and if it does, apply it.

But this still stands: If I am not sure whether the branch is affected, I 
would attempt to just backport the two patches and see whether they apply.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Kevin Kofler via devel

Sandro wrote:
> Mozilla's blog entry doesn't substantiate the claim and the linked bug
> report[1] is not publicly accessible.
> 
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1784838

The best way then would be to check whether the one-line fix:
https://hg.mozilla.org/comm-central/log?rev=1784838
applies (and compiles), and if it does, apply it.

Though it is moot anyway because Fedora has already been upgraded to 
Thunderbird 102.2.1. But backporting security fixes should have been 
considered as an option. I get the impression that it was not even 
considered.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Sandro


On 07-09-2022 10:04, Kevin Kofler via devel wrote:

Marius Schwarz wrote:

I know it was a security update for
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
,
so better safe and live with some minor bugs, than to be sorry.


Debian claims on https://security-tracker.debian.org/tracker/CVE-2022-3033
that Thunderbird 91 is not even vulnerable to the CVEs fixed by that
advisory, only Thunderbird 102 releases (prior to the fix) were.


Mozilla's blog entry doesn't substantiate the claim and the linked bug 
report[1] is not publicly accessible.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1784838

-- Sandro
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Kevin Kofler via devel

Kevin Kofler via devel wrote:
> Marius Schwarz wrote:
>> I know it was a security update for
>> https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
>> ,
>> so better safe and live with some minor bugs, than to be sorry.
> 
> Debian claims on https://security-tracker.debian.org/tracker/CVE-2022-3033
> that Thunderbird 91 is not even vulnerable to the CVEs fixed by that
> advisory, only Thunderbird 102 releases (prior to the fix) were.

And if that claim is wrong, you can simply backport the fixes: The MFSA 
lists the bug IDs, so just search for those in the hg history:
https://hg.mozilla.org/comm-central/log?rev=1784838
https://hg.mozilla.org/comm-central/log?rev=1783831
https://hg.mozilla.org/comm-central/log?rev=1745751
https://hg.mozilla.org/comm-central/log?rev=1787741

In particular, the fix for the high-impact CVE-2022-3033 is a one-line 
addition. It does not make sense to upgrade to an incompatible version for 
that fix.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Kevin Kofler via devel

Marius Schwarz wrote:
> I know it was a security update for
> https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
> ,
> so better safe and live with some minor bugs, than to be sorry.

Debian claims on https://security-tracker.debian.org/tracker/CVE-2022-3033 
that Thunderbird 91 is not even vulnerable to the CVEs fixed by that 
advisory, only Thunderbird 102 releases (prior to the fix) were.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-07 Thread Kevin Kofler via devel

Mattia Verga via devel wrote:
> Moreover, thunderbird in on the critical path update list; Bodhi
> requires 14 days of testing for those packages, but it is set to require
> only +2 karma, so packagers easily bypass the testing phase, like it is
> clearly happened here (pushed to stable just after 5 hours). I think
> critpath updates should spend more time in testing, maybe we should
> increase the critpath min karma to, at least, +5.

There are a lot of critpath packages that never reach +5 karma. Especially 
for Fedora n-1 (right now, 35), for which we also need to push security 
updates.

The real issue is not the low karma threshold, but the automatic push with 
no double-check from the maintainer.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-06 Thread Mattia Verga via devel

Il 03/09/22 02:56, l...@fedoraproject.org ha scritto:
>
> On 2022-09-02 10:49 a.m., Mattia Verga via devel 
>  wrote:
>> Here we go again: thunderbird 102 update was submitted to F36.
>>
>> This new version was known to bring incompatible changes to several
>> addons, yet it has been submitted to a stable Fedora release with
>> autopush enable and just a karma threshold of 2. It took less than 5
>> hours from the time the update was submitted to the time the update was
>> pushed to stable.
>>
> Which addons are incompatible?

The only one I care of is TbSync, which I need to connect an Exchange
calendar from my company.

AFAIK, TbSync developer was hired by Mozilla, but I was surprised they
didn't gave them a task to try integrate Exchange/O365 into TB core...
and now the developer has no free time to maintain their plugin keep up
with TB.

Mattia

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-06 Thread Marcin Juszkiewicz


W dniu 3.09.2022 o 10:47, Demi Marie Obenour pisze:

On 9/3/22 04:42, Marcin Juszkiewicz wrote:

W dniu 3.09.2022 o 02:56, l...@fedoraproject.org pisze:



Which addons are incompatible? Additionally, use "Addon Compatibility
Check" for the purpose. The best practice is to contact these addons
developers fixing their issues.



After using Thunderbird for over 10 years I have a feeling that addons
developers more often abandon their addons when Thunderbird breaks
compatibility rather than continue working on them.



Can you name specific addons?


External Editor for example - worked up to v90 (or whichever was the 
previous "we break extensions" point). Current solution to get it 
working is so bizarre that I prefer to forget about it.


I stopped adding new extensions some time ago to not get used to extra 
functionality which may/will vanish with version update.


Now I have 11 extensions working and removed all which stopped being 
compatible.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-05 Thread PGNet Dev


As I did those updates..


well explained, thx.


But this then seems to be a more general problem of how we want to
support a switch an application from one ESR/LTS release if it is EOL to
the next.


not terribly differently than others -- with an abundance of end-user education 
and caution?

tbird version update -- across ESLs or not -- breaking one's install, or eating 
one's mailstore, is not _automatically_ a universal fact

for tbird, it's more often an issue specific to one's system; not uncommmonly, your 
config &/or your addons.

for other ppl, the upgrade's been working fine in production for awhile now 
with upstream releases, with early fedora tbird builds, and now the fedora 
release pkgs.
for me, the lack of a long-overdue v102 update was 'costing' much more than not 
...

on F36, thunderbird packages are still available in two major versions

dnf list --showduplicates thunderbird
Last metadata expiration check: 0:01:09 ago on Sat 03 Sep 2022 
07:36:45 AM EDT.
Available Packages
thunderbird.x86_6491.7.0-1.fc36 
 fedora
thunderbird.x86_64
102.2.1-1.fc36 updates

older version's still easily installed,

dnf install thunderbird-91.7.0-1.fc36.x86_64

historical versions are still available, and quite easily installed & 
functional, from

https://www.thunderbird.net/en-US/thunderbird/releases/

ESL or not, how exactly was thunderbird 102 'pushed' to ppl's systems?

did they

enable autoupdates?

or,

click to allow the update?

if tbird's a critical update for 'you', you

do have backups of your tbird configs & mailstores?
keep up to date with thunderbird version progress/news/chengelogs/notes?
remembered that addons are not tbird or fedora issues, and checked 
current/future compatibility of your addons, as well as whether they're well 
maintained?
communicated issues/bugs/etc to the respective projects?

and

have waited to update until after checking/verifying that it works for 
you?

and, in case none of that was done, since firefox/tbird major-version update 
issues _are_ historically well-known (if unfortunate), you froze version 
upgrades of tbird on your system

https://dnf-plugins-core.readthedocs.io/en/latest/versionlock.html

to make sure that you're never surprised by an update you don't want/expect?

my $0.02.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-05 Thread Eike Rathke

Hi,

As I did those updates..

On Friday, 2022-09-02 17:49:57 +, Mattia Verga via devel wrote:

> Here we go again: thunderbird 102 update was submitted to F36.

Actually we already had 102.2.0 a week before on 2022-08-23 with
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ddee3eb27c for f35
https://bodhi.fedoraproject.org/updates/FEDORA-2022-33dd0f2f3e for f36
after Jan did the rebase to 102.1.0 that was not pushed. We maybe could
had gone with 91.13.0 instead of 102.2.0, backing out the rebase for one
update, but that was the last 91.x release and newer security fixes will
not be released for it, specifically that high-impact CVE-2022-3033
information leak fixed with 102.2.1 is not adressed there.

> This new version was known to bring incompatible changes to several
> addons,

I wasn't aware of that, I'm "only" doing the security updates, and
the update to 102.2.0 didn't bring any such up.
The releasenotes don't indicate such either:
https://www.thunderbird.net/en-US/thunderbird/102.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/102.1.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/102.2.0/releasenotes/
Furthermore the 102.2.0 release isn't marked as "not as an upgrade from
Thunderbird version 91 or earlier" anymore, which 102.0 and 102.1.0
were.

> yet it has been submitted to a stable Fedora release with
> autopush enable and just a karma threshold of 2. It took less than 5
> hours from the time the update was submitted to the time the update was
> pushed to stable.

I chose karma +2 because the past has shown that it rarely gets more
votes in f36 and in f35 even less and thought that security updates
shouldn't linger around more than necessary.

> Package maintainers should put more attention when pushing critical
> updates like this and avoid that the update being immediately pushed to
> stable.

Now, holding off only the 102.2.1 push with
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4fcde117f2 for f35
doesn't make sense with 102.2.0 already being in.

If for Thunderbird a rebase really would need a FESCo exception then
that seems to be a new handling for Thunderbird as also in the past
there were rebases from for example 78.11.0 to 91.1.0 in stable f33/f34
(I wasn't involved with) when 78.x was discontinued.

But this then seems to be a more general problem of how we want to
support a switch an application from one ESR/LTS release if it is EOL to
the next.

  Eike

-- 
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A

signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Marius Schwarz


Am 03.09.22 um 08:58 schrieb Mattia Verga via devel:

clearly happened here (pushed to stable just after 5 hours). I think
critpath updates should spend more time in testing, maybe we should
increase the critpath min karma to, at least, +5.



Judging from past critpath updates for several apps, I'm pretty sure, 
you won't get those many votes for both stable fedora releases.


bets regards,
Marius Schwarz

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Marius Schwarz


Am 02.09.22 um 19:49 schrieb Mattia Verga via devel:

Here we go again: thunderbird 102 update was submitted to F36.

This new version was known to bring incompatible changes to several
addons, yet it has been submitted to a stable Fedora release with
autopush enable and just a karma threshold of 2. It took less than 5
hours from the time the update was submitted to the time the update was


and less than <24h for the first thunderbird 102 bugs to come in.

- addons not removeable
- safe-mode not working

I know it was a security update for 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ 
,

so better safe and live with some minor bugs, than to be sorry.

bet regards,
Marius Schwarz___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Demi Marie Obenour

On 9/3/22 04:42, Marcin Juszkiewicz wrote:
> W dniu 3.09.2022 o 02:56, l...@fedoraproject.org pisze:
>>> Here we go again: thunderbird 102 update was submitted to F36.
>>>
>>> This new version was known to bring incompatible changes to several
>>> addons, yet it has been submitted to a stable Fedora release with
>>> autopush enable and just a karma threshold of 2. It took less than 5
>>> hours from the time the update was submitted to the time the update was
>>> pushed to stable.
>> Which addons are incompatible? Additionally, use "Addon Compatibility 
>> Check" for the purpose. The best practice is to contact these addons 
>> developers fixing their issues.
> After using Thunderbird for over 10 years I have a feeling that addons 
> developers more often abandon their addons when Thunderbird breaks 
> compatibility rather than continue working on them.

Can you name specific addons?

> More and more functionality present in addons goes away when Tb devs 
> remove apis used by addons.

Qubes OS used to have an addon, but it was broken when legacy extension
support was dropped.  Thunderbird 102 added the missing API (a hook
for attachment context menus) needed to implement the extension as
a stable WebExtension.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Marcin Juszkiewicz


W dniu 3.09.2022 o 02:56, l...@fedoraproject.org pisze:

Here we go again: thunderbird 102 update was submitted to F36.

This new version was known to bring incompatible changes to several
addons, yet it has been submitted to a stable Fedora release with
autopush enable and just a karma threshold of 2. It took less than 5
hours from the time the update was submitted to the time the update was
pushed to stable.


Which addons are incompatible? Additionally, use "Addon Compatibility 
Check" for the purpose. The best practice is to contact these addons 
developers fixing their issues.


After using Thunderbird for over 10 years I have a feeling that addons 
developers more often abandon their addons when Thunderbird breaks 
compatibility rather than continue working on them.


More and more functionality present in addons goes away when Tb devs 
remove apis used by addons.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Demi Marie Obenour

On 9/3/22 02:58, Mattia Verga via devel wrote:
> Il 03/09/22 06:36, Demi Marie Obenour ha scritto:
>> On 9/2/22 13:49, Mattia Verga via devel wrote:
>>> Here we go again: thunderbird 102 update was submitted to F36.
>>>
>>> This new version was known to bring incompatible changes to several
>>> addons, yet it has been submitted to a stable Fedora release with
>>> autopush enable and just a karma threshold of 2. It took less than 5
>>> hours from the time the update was submitted to the time the update was
>>> pushed to stable.
>>>
>>> Package maintainers should put more attention when pushing critical
>>> updates like this and avoid that the update being immediately pushed to
>>> stable.
>> Thunderbird 91 will go EOL eventually, assuming it has not done
>> so already.  As every Thunderbird update bring security fixes it is
>> not possible to guarantee that such an update will not be necessary
>> within the middle of a Fedora release.
>> --
>> Sincerely,
>> Demi Marie Obenour (she/her/hers)
> 
> I do not argue with that, I'm just saying (ranting) that, knowing 102
> likely breaks installed addons, it seems to me that at least an
> announcement on devel list prior to push it into a stable release would
> have been appreciated.
> 
> Moreover, thunderbird in on the critical path update list; Bodhi
> requires 14 days of testing for those packages, but it is set to require
> only +2 karma, so packagers easily bypass the testing phase, like it is
> clearly happened here (pushed to stable just after 5 hours). I think
> critpath updates should spend more time in testing, maybe we should
> increase the critpath min karma to, at least, +5.
For non-security, non-kernel, non-browser updates that would make sense.
For security patches, anything that makes them take even longer to get to
users is a bad idea.  This includes kernel and browser patches.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-03 Thread Mattia Verga via devel

Il 03/09/22 06:36, Demi Marie Obenour ha scritto:
> On 9/2/22 13:49, Mattia Verga via devel wrote:
>> Here we go again: thunderbird 102 update was submitted to F36.
>>
>> This new version was known to bring incompatible changes to several
>> addons, yet it has been submitted to a stable Fedora release with
>> autopush enable and just a karma threshold of 2. It took less than 5
>> hours from the time the update was submitted to the time the update was
>> pushed to stable.
>>
>> Package maintainers should put more attention when pushing critical
>> updates like this and avoid that the update being immediately pushed to
>> stable.
> Thunderbird 91 will go EOL eventually, assuming it has not done
> so already.  As every Thunderbird update bring security fixes it is
> not possible to guarantee that such an update will not be necessary
> within the middle of a Fedora release.
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)

I do not argue with that, I'm just saying (ranting) that, knowing 102
likely breaks installed addons, it seems to me that at least an
announcement on devel list prior to push it into a stable release would
have been appreciated.

Moreover, thunderbird in on the critical path update list; Bodhi
requires 14 days of testing for those packages, but it is set to require
only +2 karma, so packagers easily bypass the testing phase, like it is
clearly happened here (pushed to stable just after 5 hours). I think
critpath updates should spend more time in testing, maybe we should
increase the critpath min karma to, at least, +5.

Mattia

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-02 Thread Demi Marie Obenour

On 9/2/22 13:49, Mattia Verga via devel wrote:
> Here we go again: thunderbird 102 update was submitted to F36.
> 
> This new version was known to bring incompatible changes to several
> addons, yet it has been submitted to a stable Fedora release with
> autopush enable and just a karma threshold of 2. It took less than 5
> hours from the time the update was submitted to the time the update was
> pushed to stable.
> 
> Package maintainers should put more attention when pushing critical
> updates like this and avoid that the update being immediately pushed to
> stable.

Thunderbird 91 will go EOL eventually, assuming it has not done
so already.  As every Thunderbird update bring security fixes it is
not possible to guarantee that such an update will not be necessary
within the middle of a Fedora release.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-02 Thread Demi Marie Obenour

On 9/2/22 22:06, Ian Chapman wrote:
> On 03/09/2022 01:49, Mattia Verga via devel wrote:
>> Here we go again: thunderbird 102 update was submitted to F36.
>>
>> This new version was known to bring incompatible changes to several
>> addons, yet it has been submitted to a stable Fedora release with
>> autopush enable and just a karma threshold of 2. It took less than 5
>> hours from the time the update was submitted to the time the update was
>> pushed to stable.
>>
>> Package maintainers should put more attention when pushing critical
>> updates like this and avoid that the update being immediately pushed to
>> stable.
> 
> Indeed. This update caused me to lose several mailboxes and many message 
> filters. Thankfully I could downgrade back to v91 and restore from 
> backups. More than just extension incompatibility.

Losing several mailboxes is a critical bug.  Please report it upstream.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-02 Thread Ian Chapman


On 03/09/2022 01:49, Mattia Verga via devel wrote:

Here we go again: thunderbird 102 update was submitted to F36.

This new version was known to bring incompatible changes to several
addons, yet it has been submitted to a stable Fedora release with
autopush enable and just a karma threshold of 2. It took less than 5
hours from the time the update was submitted to the time the update was
pushed to stable.

Package maintainers should put more attention when pushing critical
updates like this and avoid that the update being immediately pushed to
stable.


Indeed. This update caused me to lose several mailboxes and many message 
filters. Thankfully I could downgrade back to v91 and restore from 
backups. More than just extension incompatibility.



--
Regards,
Ian Chapman
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

2022-09-02 Thread luya




On 2022-09-02 10:49 a.m., Mattia Verga via devel 
 wrote:

Here we go again: thunderbird 102 update was submitted to F36.

This new version was known to bring incompatible changes to several
addons, yet it has been submitted to a stable Fedora release with
autopush enable and just a karma threshold of 2. It took less than 5
hours from the time the update was submitted to the time the update was
pushed to stable.

Which addons are incompatible? Additionally, use "Addon Compatibility Check" for the purpose. 
The best practice is to contact these addons developers fixing their issues.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Thunderbird 102 pushed to F36 stable

2022-09-02 Thread Mattia Verga via devel

Here we go again: thunderbird 102 update was submitted to F36.

This new version was known to bring incompatible changes to several
addons, yet it has been submitted to a stable Fedora release with
autopush enable and just a karma threshold of 2. It took less than 5
hours from the time the update was submitted to the time the update was
pushed to stable.

Package maintainers should put more attention when pushing critical
updates like this and avoid that the update being immediately pushed to
stable.

Mattia

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Re: Thunderbird 102 pushed to F36 stable

Thunderbird 102 pushed to F36 stable

23 matches

Site Navigation

Mail list logo

Footer information