Slashdot Mirror


No Additional Firefox 4 Security Updates

CWmike writes "Unnoticed in the Tuesday release of Firefox 5 was Mozilla's decision to retire Firefox 4, shipped just three months ago. Mozilla spelled out vulnerabilities it had patched in that edition and in 2010's Firefox 3.6, but it made no mention of any bugs fixed in Firefox 4 on Tuesday, because Firefox 4 has reached what Mozilla calls EOL, for 'end of life,' for patches. Although the move may have caught users by surprise, the decision to stop supporting Firefox 4 has been discussed within Mozilla for weeks. In a mozilla.dev.planning mailing list thread, Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."

24 of 445 comments

  1. Guess I'll just wait a few months by Anonymous Coward · · Score: 4, Insightful

    For Firefox 6.0

  2. The new release cycle is going to hurt Firefox by Bloodwine77 · · Score: 4, Insightful

    I would not be surprised if their new release cycle causes their marketshare to start shrinking in a significant fashion.

    I have been a long-time Firefox user (ever since it was Phoenix) and their current release philosophy is really turning me off. They just seem so misguided and detached from reality.

    1. Re:The new release cycle is going to hurt Firefox by Anonymous Coward · · Score: 2, Insightful

      Big difference between Chrome & FF updates though :: Chrome updates are tiny and nearly invisible. I switched from IE to FF a few years back, and from FF to Chrome full-time about a year ago. Chrome has updated itself countless times while I'm using it and the only times I even noticed were when it wasn't closed for days on end and popped up a little notice saying it wanted to restart. Compare that with the annoying "FF has an update available, do you want to download?" / "FF is applying an update" notices. The worst was FF's inability to update itself without admin approval so I couldn't put it on managed computers.

      In short, Chrome can update as often as it wants because it does not create an imposition for users. On the other hand, FF shouldn't ever update because its update flow is a pain in the ass.

  3. I don't get that by godrik · · Score: 5, Insightful

    Are they trying to kill their user base?

    Anybody serious deploying system WILL NOT ship a mozilla product. Obsoleting a software 3 months after its release is ridiculous. You can't try to get market share and kill a release in 3 months. If you don't plan to give any support, call that a development version!

    I am SO disappointed in them!

    1. Re:I don't get that by arth1 · · Score: 4, Insightful

      Anybody serious deploying system WILL NOT ship a mozilla product. Obsoleting a software 3 months after its release is ridiculous. You can't try to get market share and kill a release in 3 months. If you don't plan to give any support, call that a development version!

      Indeed. For my users, I'm tempted to say "Sorry, I can't support Firefox because Firefox doesn't support Firefox", and switch them all over to Opera.

    2. Re:I don't get that by Kjella · · Score: 3, Insightful

      I agree with you but how does Google Chrome succeed? "You can't try to get market share and kill a release in 3 months"

      Lack of plugins - or at least being much less common and quite possibly with a more stable API/ABI. A "security update" that breaks plugins is a sure-fire way to catch Firefox users between a rock and a hard place. It's a typical case of developers coding for developers - who are all on a very recent version and can fix what's broken for them - instead of regular users. Keep going like this and they'll be the #3 browser by Christmas...

      --
      Live today, because you never know what tomorrow brings
    3. Re:I don't get that by Anonymous Coward · · Score: 2, Insightful

      I think you, and MANY other people, are missing the idea.

      When you upgrade Firefox 3.6.16 to 3.6.17, are you upset that Mozilla no longer plans to support 3.6.16?

      3.6.17 ***is*** the continued support of 3.6.16.

      Likewise, 5.0 ***is*** the continued support of 4.0.

      Most people aren't used to thinking like that, so it seems backwards.

  4. Re:What the h. . . ? by Anonymous Coward · · Score: 5, Insightful

    Slashdot story

    No big news, except that the Mozilla Foundation has gone out of its mind. I think I'll stick with Firefox 3 until it reaches end of life, and then upgrade to Firefox 25.

  5. Sucks for corporate use by acoustix · · Score: 4, Insightful

    I really don't want to have to push out a brand new version of FF every few months and risk breaking my users' plugins that they use.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  6. Forget the Version Numbers by PineHall · · Score: 3, Insightful

    Version numbers don't matter any more. This is really not a major release. It is an incremental upgrade, just like Chrome and just like the Linux kernel. It is a new way of developing software that has been happening for a while now.

    1. Re:Forget the Version Numbers by Lunix+Nutcase · · Score: 4, Insightful

      Except that the version numbers do matter when it comes to plugins and the maxVersion string. They are going to be breaking add-ons left and right with this shit.

  7. Beginning of the end by digitalderbs · · Score: 3, Insightful

    This is the exact behavior that will drive users away. It's more disruptive than the KDE 4.0 debacle.

    I've been a committed Firefox user for many years, using daily many plugins that I find irreplaceable (zotero, noscript). I'm now seriously considering alternatives. I find it irresponsible that Mozilla would not stand behind the major release of one of their products for more than three months.

  8. Should have just skipped version numbers by linebackn · · Score: 4, Insightful

    This whole version number thing is insane and pissing off anyone who needs a single stable version that is supported for a reasonable length of time.

    If they wanted to up the version number they should have just skipped 4, 5, 6, 7, 8, 9, 10 to 11 or 12. Or since everyone skips 13 anyway just go directly to 14 and be done with it. Then keep it there for at least a year.

  9. Who is This Helping? by swsuehr · · Score: 5, Insightful

    Who, exactly, is the rapid release schedule helping? It's certainly not helping web developers and organizations who try to list their supported browser versions and actually try to code towards those versions. The quickest path to get the corporate PHBs to stop supporting your browser is to have the IT staff say "Guess what, the next version of Firefox is already out so we need to make updates." At some places, support for browsers other than IE is tenuous at best, so making it more difficult to support these browsers only hurts the browser manufacturers.

    Want to gain more support? Release a stable product, with wide support for standards and add-ons, and do so on a sane, well-publicized schedule. People don't care about version numbers; updating software isn't something people want or like to do. Why are you making it more difficult and cumbersome for users to use your product?

  10. Dear Mozilla by m0s3m8n · · Score: 5, Insightful

    Dear Mozilla: Pull your head out of Chrome's ass.

    --
    Conservative, mod down for violating /. political norms.
  11. Version Numbers and Add-on Compatibility by QuasiSteve · · Score: 4, Insightful

    They are going to be breaking add-ons left and right with this shit.

    But that is merely a symptom, not the cause.

    If nothing else, the new release philosophy causes the incredibly stupid approach to add-on compatibility to be highlighted.

    People have complained about add-ons 'breaking' for years with other (point) releases, usually stating that after updating the maxVersion string manually, or using Nightly Tester Tools to override, the add-on continues to work perfectly fine.

    Perhaps it's wishful thinking.. but part of me is hoping that the new release schedule forces Mozilla, and the community, to re-think add-on compatibility reporting; flagging add-ons as 'broken' not by default, but after testing.

  12. Re:This is gonna suck... by Anonymous Coward · · Score: 2, Insightful

    for all practical purposes, it IS the security update to 4.1 and should be treated as such.

    Security updates do not break backwards compatibility.

    Except when necessary to fix implementation and design bugs, there shouldn't be any trade-offs in installing a security update; the new version should be exactly the same except more bug free, or people aren't going to install it.

  13. Re:Broken by design by izomiac · · Score: 3, Insightful

    It sounds like browser version numbers are designed to be a poor proxy for plugin API version. Therefore, I have to wonder, why not version the API instead (i.e. Firefox Plugin API 2.1 in Firefox 5.0)? Plus, you even get backwards compatibility since it becomes trivial to have multiple APIs and use the highest one the plugin is compatible with.

  14. Re:FSVO "free" by onepoint · · Score: 3, Insightful

    You are not kidding, half of my add-ons/plugins are not compatible to the new release. so I'll sit on the sidelines for a while.

    Now I think that Firefox should find a point and say, clean up time, make a few version updates, then poll the community for the next official features, this way you get some stability over time and new features, heck I don't mind if they did that every 9 months, at least I would know that the older versions would be somewhat safe to utilize on the current platform of my firm.

    --
    if you see me, smile and say hello.
  15. Is Mozilla becoming closed and self-serving? by QuietLagoon · · Score: 3, Insightful

    Although the move may have caught users by surprise, the decision to stop supporting Firefox 4 has been discussed within Mozilla for weeks.

    Who cares what the users think about EOL'ing a product that was only released a few weeks ago. We The Developers are going to do what we want, users be damned.

  16. They stopped listening to their users by houghi · · Score: 4, Insightful

    They make it sound as if it is the users' fault. The users are not there so you can code. You should not code despite the users.

    I now need to run firefox with the -P option, because they do not allow me to run two instances at the same time (No, I do not mean a second window). Running it over ssh needs an extra parameter.

    It does a lot of other things against logic, like updating itself instead of letting my distro do that.

    With everything they do I get a feeling that the developers think they are holier than thou. They do things because they can and/or because it is fun to do for them.

    At this moment the only thing that keeps me with Firefox is the add-ons, but I will be making a list of the importance of all plugins and see if there is an alternative elsewhere.

    They, of all browsers, should know how fast people can switch and lose everything again.

    --
    Don't fight for your country, if your country does not fight for you.
  17. Just Came to Say ... by hduff · · Score: 4, Insightful

    Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."

    Came to say that.

    Don't the people in charge think these things through? It appears not.

    The new versioning schema is the new security hole in Firefox.

    And all done for no real gain or benefit.

    Idiots.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  18. It's all in the numbering! by ewanm89 · · Score: 3, Insightful

    Firefox 5 is more like Firefox 4.1 in truth, the only thing this rapid release crap has done is confused everyone with thinking what is actually a minor update is a major break lots of extensions update.

  19. Decouple Program/API versions by bill_mcgonigle · · Score: 4, Insightful

    How the hell do you work that into the new versioning system?! The only way would be for the browser itself to "know" that Firefox 5 is basically Firefox 4 and not flag addons written for "4.0+".

    Am I supposed to assume that an addon I write against Firefox 4 will work in Firefox 5 and Firefox 6, when the same was certainly not true for Firefox 1 to 2 - and 2 to 3, and 3 to 4? When will they be changing the API again? Am I supposed to be psychic when setting the maxVersion number?

    Two things they could do. The one they probably should do right away is to decouple the API versions from the program versions, since those have become meaningless. Heck, even Windows did this when their marketing department got the clout Mozilla's seems to have - developers could still query the real (meaningful) version number even though the box had a year or stupid name on it. They could leave things as they are now for addon developers or they could introduce a new maxAPIVersion check, one time.

    If they were feeling energetic, they could teach the browser how to introspect its API changes and make smart decisions. Say, an addon uses foo() and bar() - those did not change since the maxVersion release, so run the addon. Another addon uses foo() and baz() and declares the same maxVersion. The browser knows that baz() changed semantically, so it prevents baz() from running.

    I'd probably rather see that approach since it takes the weight off of thousands of developers and puts it onto one or two.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
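
The API-level compatibility check proposed in comment 19 (and the API-versioning idea in comment 13), as an added example that is not part of any post in the thread or of Mozilla's code: it contrasts a `maxVersion` gate with a check against a per-symbol change log, so an add-on is blocked only when something it uses actually changed. The manifest fields, the `API_CHANGES` log and the simplified version comparison are assumptions constructed for illustration.

```javascript
// Added illustration: every name and data value here is hypothetical.
// Simplified parser for "4.0.*"-style strings ("*" = any later value);
// this is not Mozilla's real toolkit version comparator.
function parseVersion(v) {
  return v.split(".").map((p) => (p === "*" ? Infinity : Number(p)));
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Gate on the declared maxVersion only (the behaviour the thread complains about).
function legacyCheck(addon, browserVersion) {
  return compareVersions(browserVersion, addon.maxVersion) <= 0;
}

// Constructed change log: API symbol -> browser versions where its semantics changed.
const API_CHANGES = new Map([
  ["foo", ["2.0"]],
  ["bar", ["3.0"]],
  ["baz", ["5.0"]],
]);

// Block only if a symbol the add-on uses changed after the release it was
// tested against (maxVersion) and at or before the running browser version.
function apiCheck(addon, browserVersion, changes = API_CHANGES) {
  const brokenBy = addon.uses.filter((sym) => {
    if (!changes.has(sym)) return true; // unknown symbol: fail closed
    return changes.get(sym).some(
      (v) => compareVersions(v, addon.maxVersion) > 0 &&
             compareVersions(v, browserVersion) <= 0
    );
  });
  return { compatible: brokenBy.length === 0, brokenBy };
}

// Constructed manifests: both declare the same maxVersion.
const addonA = { name: "addon-a", maxVersion: "4.0.*", uses: ["foo", "bar"] };
const addonB = { name: "addon-b", maxVersion: "4.0.*", uses: ["foo", "baz"] };

for (const addon of [addonA, addonB]) {
  console.log(addon.name, legacyCheck(addon, "5.0"), apiCheck(addon, "5.0"));
}
```

With the `maxVersion` gate both add-ons are disabled on 5.0; with the change-log check only the one using `baz` is, which removes the add-on breakage as a reason to stay on a release that no longer gets security fixes.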