On Thu, 2016-04-28 at 22:27 -0400, Jonathan Billings wrote:> On Fri, Apr 29, 2016 at 02:23:32AM +0100, Always Learning wrote: > > Centos replaced well-running customise Firefox with version ESR 45.1.0 > > Errr... you mean Red Hat released a security update (see > https://rhn.redhat.com/errata/RHSA-2016-0695.html), and CentOS > rebuilt and released it. > > What, exactly, would you like the CentOS maintainers to do > differently? Are you volunteering your time to help?I would really like to help but I lack the time with many many demands on time I don't have. Centos might form a special interests group specifically for the existing Firefox ESR browser. Another poster recently stated Mozilla was dropping ESR versions which is likely to jeopardise browser stability. Ultimately it would be nice for a Firefox folk removing privacy breeches, phoning home, allowing web sites to secretly store data (despite options turned-off) and removal of lots of crap unnecessary for the vast majority of Enterprise users. It could eliminate the constant changes - often apparently just to amuse Firefox developers - which users seem to hate. When using the yum GUI update notification service, no reasons for updates are visible. No good issuing a security improvement when, as Johnny replied in another posting, " With respect to CentOS-5, it seems this patch was not migrated to the 45.0.1 install: https://bugzilla.redhat.com/attachment.cgi?id=1025187 from this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1221368 " essential parts were omitted. Perhaps Up-Stream were pre-occupied with another fundamental change to the product we know and love ? (well, not C7 yet) I use Firefox extensively for a multitude of tasks. -- Regards, Paul. England, EU. England's place is in the European Union.
On 04/28/2016 10:20 PM, Always Learning wrote:> > On Thu, 2016-04-28 at 22:27 -0400, Jonathan Billings wrote: >> On Fri, Apr 29, 2016 at 02:23:32AM +0100, Always Learning wrote: >>> Centos replaced well-running customise Firefox with version ESR 45.1.0 >> >> Errr... you mean Red Hat released a security update (see >> https://rhn.redhat.com/errata/RHSA-2016-0695.html), and CentOS >> rebuilt and released it. >> >> What, exactly, would you like the CentOS maintainers to do >> differently? Are you volunteering your time to help? > > I would really like to help but I lack the time with many many demands > on time I don't have. > > Centos might form a special interests group specifically for the > existing Firefox ESR browser. Another poster recently stated Mozilla was > dropping ESR versions which is likely to jeopardise browser stability. > > Ultimately it would be nice for a Firefox folk removing privacy > breeches, phoning home, allowing web sites to secretly store data > (despite options turned-off) and removal of lots of crap unnecessary for > the vast majority of Enterprise users. It could eliminate the constant > changes - often apparently just to amuse Firefox developers - which > users seem to hate. > > When using the yum GUI update notification service, no reasons for > updates are visible. > > No good issuing a security improvement when, as Johnny replied in > another posting, > > " With respect to CentOS-5, it seems this patch was not > migrated to the 45.0.1 install: > > https://bugzilla.redhat.com/attachment.cgi?id=1025187 > > from this bugzilla: > > https://bugzilla.redhat.com/show_bug.cgi?id=1221368 " > > essential parts were omitted. Perhaps Up-Stream were pre-occupied with > another fundamental change to the product we know and love ? (well, not > C7 yet) > > I use Firefox extensively for a multitude of tasks.OK, when red hat releases a firefox update, we build it. It is a rebuild of the upstream code, as is are all other CentOS packages. So, we will work with the Red Hat maintainer to address any issues, like we did with the unix plice bug .. BUT .. we will build and release any source code that is released for RHEL .. that is what CentOS Linux is, a rebuild of the RHEL Source Code, when it is released. So, it does not matter if the packages are broken or not. If the CentOS team did not make changes that did the breaking, we will not be issueing fixes UNTIL Red Hat does in the RHEL Source Code. It the centOS team did make a branding change, and that change is responsible for breaking something, we will of course fix that ASAP and release. In the case of this firefox release, Red Hat has acknowledged they need to fix it in the RHEL Source Code here: https://bugzilla.redhat.com/show_bug.cgi?id=1221368 Therefore, I have made a new temporary version available here, for people who would opt to get the new version and not wait: http://people.centos.org/hughesjr/firefox-45.1.0-1.1.el5.centos/ If you want either the 1386 and/or x86_64 versions, please manually download and install them. Thanks, Johnny HUghes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20160429/3f57b5b8/attachment-0001.sig>
On Fri, 2016-04-29 at 07:22 -0500, Johnny Hughes wrote:> Therefore, I have made a new temporary version available here, for > people who would opt to get the new version and not wait: > > http://people.centos.org/hughesjr/firefox-45.1.0-1.1.el5.centos/Wonderful, marvellous and I'm delightfully (and gratefully) happy again. Brilliant. Thank you Johnny. -- Regards, Paul. England, EU. England's place is in the European Union.
On Fri, April 29, 2016 7:22 am, Johnny Hughes wrote:> On 04/28/2016 10:20 PM, Always Learning wrote: >> >> On Thu, 2016-04-28 at 22:27 -0400, Jonathan Billings wrote: >>> On Fri, Apr 29, 2016 at 02:23:32AM +0100, Always Learning wrote: >>>> Centos replaced well-running customise Firefox with version ESR 45.1.0 >>> >>> Errr... you mean Red Hat released a security update (see >>> https://rhn.redhat.com/errata/RHSA-2016-0695.html), and CentOS >>> rebuilt and released it. >>> >>> What, exactly, would you like the CentOS maintainers to do >>> differently? Are you volunteering your time to help? >> >> I would really like to help but I lack the time with many many demands >> on time I don't have. >> >> Centos might form a special interests group specifically for the >> existing Firefox ESR browser. Another poster recently stated Mozilla was >> dropping ESR versions which is likely to jeopardise browser stability. >> >> Ultimately it would be nice for a Firefox folk removing privacy >> breeches, phoning home, allowing web sites to secretly store data >> (despite options turned-off) and removal of lots of crap unnecessary for >> the vast majority of Enterprise users. It could eliminate the constant >> changes - often apparently just to amuse Firefox developers - which >> users seem to hate. >> >> When using the yum GUI update notification service, no reasons for >> updates are visible. >> >> No good issuing a security improvement when, as Johnny replied in >> another posting, >> >> " With respect to CentOS-5, it seems this patch was not >> migrated to the 45.0.1 install: >> >> https://bugzilla.redhat.com/attachment.cgi?id=1025187 >> >> from this bugzilla: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1221368 " >> >> essential parts were omitted. Perhaps Up-Stream were pre-occupied with >> another fundamental change to the product we know and love ? (well, not >> C7 yet) >> >> I use Firefox extensively for a multitude of tasks. > > OK, when red hat releases a firefox update, we build it. It is a > rebuild of the upstream code, as is are all other CentOS packages. > > So, we will work with the Red Hat maintainer to address any issues, like > we did with the unix plice bug .. BUT .. we will build and release any > source code that is released for RHEL .. that is what CentOS Linux is, a > rebuild of the RHEL Source Code, when it is released. > > So, it does not matter if the packages are broken or not. If the CentOS > team did not make changes that did the breaking, we will not be issueing > fixes UNTIL Red Hat does in the RHEL Source Code. It the centOS team > did make a branding change, and that change is responsible for breaking > something, we will of course fix that ASAP and release. > > In the case of this firefox release, Red Hat has acknowledged they need > to fix it in the RHEL Source Code here: > > https://bugzilla.redhat.com/show_bug.cgi?id=1221368 > > Therefore, I have made a new temporary version available here, for > people who would opt to get the new version and not wait: > > http://people.centos.org/hughesjr/firefox-45.1.0-1.1.el5.centos/ > > If you want either the 1386 and/or x86_64 versions, please manually > download and install them.It surfaces over and over again... I will try to stress it (from outside, as I am not in CentOS team) again. CentOS is binary replica of RedHat Enterprise Linux, and this is what it should stay, and we hope it will. We do use it because of what it is. And I at least once thanked myself for choosing RedHat, and then RedHat's descendant CentOS. You may remember when random number generator bug in Debian (great distribution IMHO !!) was discovered (that affected all Debian clones as well: Ubuntu, maemo...). My friend sysadmin next door - whose everything was Debian - was like a crazy re-generating all key pairs, certificates, and still you can't be sure then didn't walk in and... That day (those days actually) I was just sitting relaxed in my chair and thanked myself for choosing RedHat (Fedora and CentOS), as RedHad never had a flop of that level in my recollection. Let's thank CentOS team for the great job they are doing, and stop forcing them to stress over and over again that CentOS is binary replica of RedHat Enterprise (I know strictly speaking the last in not correct, but it is the most transparent way for me to say it). Grateful CentOS user, Valeri> > Thanks, > Johnny HUghes > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++