Interviewed by CNN on 08/09/2011 19:35, cqbrodie told the world: > Like so many people I really appreciate the time and effort that has > been expended in making SeaMonkey a success. > I am concerned however by the constant stream of problems/shortcomings > being reported and the equally constant stream of updates, etc. > > It would seem to me, based on the devoted persons who are doing all of > the changes, corrections, that there needs to a stop to all these constant > corrections and that SeaMonkey be allowed to mature for a relatively > short/long period of time so that the non-experts like myself can catch > their breath. > > One of the concerns I have is the hurry up and install the latest > version, when in fact there appears not to have been an evaluation of > the latest bug correction or whatever.
Well, I guess you didn't follow all the brouhaha. I don't blame you, it was quite confusing... let me try to summarize it to you: Right after 2.3.0 being made available, the dev team became aware of an issue with the digital certificates. The issue being that Seamonkey only trusted digital certificates emitted under one "root" for the purpose of upgrading to a new version -- and that root is scheduled to be closed, which would eventually leave current Seamonkey users accepting *no* valid certificates for future upgrades. While this particular issue wouldn't cause any problem in the day-to-day use of the product, it could cause a major disruption in future upgrades. So the dev team quickly posted 2.3.1, which added additional trusted certificates, so users wouldn't be left out in the lurch in the future. While *technically* this probably could wait for 2.4.0, in a practical sense it couldn't: not all user upgrade immediately, so it's important to get the new certificate distributed as soon and as widely as possible. Was this problem caused by an oversight by the dev team? Maybe. But they are human, and humans sometimes make mistakes. This was caught on time, though. If only that had been the only problem... A few days later, the DigiNotar mess came to fore. Basically, a Dutch certificate authority was hacked and a bunch of fake certificates in the name of major websites were issued. This was a MAJOR security problem -- those websites included Google, Mozilla and Microsoft, among others. DigiNotar totally bungled the damage control, and it became necessary to remove trust on their root certificates -- meaning that we no longer trust *any* certificate issued by them. And that was SM 2.3.2, and Firefox/Thunderbird 6.0.1. Only, the mess didn't stop. Another DigiNotar root certificate, which had previously been considered safe, came out as having been compromised too. So there was round two of certificates removal and blocking. That was SM 2.3.3, and Firefox/Thunderbird 6.0.2. Let's be clear here: the DigiNotar problems which made necessary the 2.3.2/6.0.1 and 2.3.3/6.0.2 updates were *NOT* in any way Mozilla's fault. They were caused by DigiNotar. You might ask, "Why couldn't it all be done in a single update?" Well, because (a) nobody knew that there would be need of a further update, and (b) at the time of each update, the issues were seen as serious enough to warrant immediate release. > So I would request those who are dedicated to making SeaMonkey an ever > better application to "slow down" and get the application more stable > than it appears not be and subjected to all these constant corrections. > I would also like to suggest that there be an eventual update that will > over-write one of the more stable versions so that there is a higher > degree of confidence in doing the simplest way of upgrading without all > these specifics to have two profiles and similar update methods. As I explained, the corrections were *not* related to stability. But, in a way, the new so-called "rapid-release train" is already improving that. Under the new system, new features only get released after a minimum of twelve weeks (that's three months) of testing, where only bug fixes are allowed. KaiRo had a nice post explaining it a while ago... let me see if I can find it... here it is: http://home.kairo.at/blog/2011-08/why_rapid_releases_can_improve_stability As for the two profiles etc., it was a one time thing, in the upgrade from SM 1.x to 2.0 -- that was necessitated due to the big changes in the profile format, and it was deemed safer to copy the profile instead of overwriting it. It was supposed to happen automatically, too. In all other cases, the default process is just to install over your current copy of Seamonkey. I never had trouble doing that. Still, some people prefer to be over-cautious and backup their profile before upgrading. It's not a bad idea, in principle; in fact, you should backup *all* your data regularly, not just your Seamonkey profile. Shit does happen. But it is not the regular upgrade process. I'll add that there is a situation where it is strongly advised to back up your profile: if you are using prerelease versions of Seamonkey (Nightly/Aurora/Beta). These are by definition not as stable as release versions, and there's a fair chance of problems. -- MCBastos This message has been protected with the 2ROT13 algorithm. Unauthorized use will be prosecuted under the DMCA. -=-=- ... Sent from my U.S. Robotics Pilot 100. *Added by TagZilla 0.066.2 running on Seamonkey 2.3.3 * Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
