No Additional Firefox 4 Security Updates

CWmike writes "Unnoticed in the Tuesday release of Firefox 5 was Mozilla's decision to retire Firefox 4, shipped just three months ago. Mozilla spelled out vulnerabilities it had patched in that edition and in 2010's Firefox 3.6, but it made no mention of any bugs fixed in Firefox 4 on Tuesday, because Firefox 4 has reached what Mozilla calls EOL, for 'end of life,' for patches. Although the move may have caught users by surprise, the decision to stop supporting Firefox 4 has been discussed within Mozilla for weeks. In a mozilla.dev.planning mailing list thread, Christian Legnitto, the Firefox release manager, put it most succinctly on May 25: 'Firefox 5 will be the security update for Firefox 4.' Problem is, users are being prompted to upgrade now but are hesitant because the new rapid release of updates means many add-ons are not compatible. And without security updates in between, many could be left exposed with unpatched browsers."

I'm a web developer and happy about this

[Co0Ps]

A new major version increment is no longer equivalent to a new application. There is no Firefox 3, "firefox3.5", Firefox 4 etc. There is only Firefox - which is exactly the way it should be. Normal users doesn't and shouldn't be concerned about version numbers. They should always use the latest version and it is the application/browsers responsibility to keep itself up to date. Why separate updates and security updates? The update process should be as simple, fast, automatic and non-obtrusive as possible. This is a step in the right direction. Read: http://www.codinghorror.com/blog/2011/05/the-infinite-version.html

For the similar reasons, W3C has decided to skip version numbers altogether in the HTML standard. The web is continuously evolving so version number doesn't make sense there. You either supports the latest HTML or not. You cannot choose to use the Internet 3.0 because you still want to use your 3.0 browser. It doesn't work that way. Browsers should always keep up to date with the latest standards instead of clinging on a specific version number. W3C has realized that a standard is not a standard until it's actually used. The can draft together a document explaining how web sites should be compatible with the "semantic web" and call it "The Semantic Web 2.0" but until web sites actually implement it and browsers support it it's not a standard.

As I see it there are two problems that are _not_ related to the above. Please don't confuse them. First of all addons gets "incompatible" when a new major is released which cause problems for people. The upgrade process is not perfect yet, Mozilla is probably working on that. As I understand it all v4 addons automatically gets marked as incompatible with v5 - but AFAIK this is just a safety measure which will probably be changed in the future. 99% of all addons just needs to update a flag to get compatible again. There are addons that automatically can make old addons work again by updating that flag.

The second problem is that some repositories s are not fast enough to keep up with the rapid release cycle. Well, that's their problem really. Use a repository that's faster then or compile yourself... or use an OS that don't want to take away the responsibility of updating itself from the application.