Bug#882156: firefox-esr: Upgrading firefox should somehow prompt users to restart running instances
Mike Hommey
mh at glandium.org
Sun Nov 19 22:33:29 UTC 2017
On Mon, Nov 20, 2017 at 07:26:15AM +0900, Mike Hommey wrote:
> On Sun, Nov 19, 2017 at 11:14:32PM +0100, Axel Beckert wrote:
> > Yay, Popcorn!
> >
> > Mike Hommey wrote:
> > > > Consider, for example, an unattended-upgrades process that
> > > > installs security updates automatically. Users may continue
> > > > to run instances of old insecure versions for long periods
> > > > with no indication that an upgrade has been installed.
> > > > Generally, Debian will restart long-running system processes
> > > > (i.e. daemons) in this sort of situation but not user processes.
> > > > This is a particular issue for firefox because of its security
> > > > characteristics.
> > >
> > > That's not limited to firefox. That's also true of libreoffice, gnome,
> > > chromium, etc.
> >
> > Nope. It's definitely not true for Chromium. (And not for the
> > Firefox-based Tor Browser either.) Chromium and Tor Browser both
> > notify their users as Phil wants it for Firefox. And as it had been
> > implemented (IMHO successfully) for Firefox years ago.
> >
> > That feature though was removed again from the Debian package (and
> > IIRC never managed to land in stable) as it was said to "not work
> > properly". I though can't remember that I ever had issues with that
> > feature, really appreciated the feature and never understood why it
> > was removed again from Debian's Firefox.
> >
> > So please reintroduce this feature again.
> >
> > Upstream should really understand the need for such feature as they're
> > copying everything Chrome/Chromium does anyway. So why not copying
> > that feature, too? </cynism>
>
> It's not because a few packages do it that the problem is not a general
> one in Debian.
Also, the chromium package doesn't have anything in postinst to do what
you claim it's doing, and doesn't seem to have files related to that in
the package, so if it does it, I don't know how it does. The mechanism
that iceweasel used in the past doesn't exist anymore.
Mike
More information about the pkg-mozilla-maintainers
mailing list