Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances
Mike Hommey
mh at glandium.org
Sun Nov 19 22:26:15 UTC 2017
On Sun, Nov 19, 2017 at 11:14:32PM +0100, Axel Beckert wrote:
> Yay, Popcorn!
>
> Mike Hommey wrote:
> > > Consider, for example, an unattended-upgrades process that
> > > installs security updates automatically. Users may continue
> > > to run instances of old insecure versions for long periods
> > > with no indication that an upgrade has been installed.
> > > Generally, Debian will restart long-running system processes
> > > (i.e. daemons) in this sort of situation but not user processes.
> > > This is a particular issue for firefox because of its security
> > > characteristics.
> >
> > That's not limited to firefox. That's also true of libreoffice, gnome,
> > chromium, etc.
>
> Nope. It's definitely not true for Chromium. (And not for the
> Firefox-based Tor Browser either.) Chromium and Tor Browser both
> notify their users as Phil wants it for Firefox. And as it had been
> implemented (IMHO successfully) for Firefox years ago.
>
> That feature though was removed again from the Debian package (and
> IIRC never managed to land in stable) as it was said to "not work
> properly". I though can't remember that I ever had issues with that
> feature, really appreciated the feature and never understood why it
> was removed again from Debian's Firefox.
>
> So please reintroduce this feature again.
>
> Upstream should really understand the need for such feature as they're
> copying everything Chrome/Chromium does anyway. So why not copying
> that feature, too? </cynism>
It's not because a few packages do it that the problem is not a general
one in Debian.
Mike
More information about the pkg-mozilla-maintainers
mailing list