Only disallow downgrades to a lower major version of Firefox.
Categories
(Toolkit :: Startup and Profile System, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox77 | --- | fixed |
People
(Reporter: mkaply, Assigned: mossop)
References
Details
Attachments
(1 file)
Downgrade protection should only be based on major versions
Our latest breakage with our dot release is a great example of the problem.
Going from 69.0.2 to 69.0.1 caused a downgrade message and it should not have.
We don't (or at least we shouldn't) make profile changes in dot releases, so we shouldn't need to invoke downgrade protection in those cases.
|
Assignee | |
Comment 1•5 years ago
|
||
This is a product call, but when we discussed this I know JoeH was against it.
On the other hand, every few releases I have to downgrade a major version because of yet another accessibility bug. Profiles should be downgradable.
|
||
Comment 3•5 years ago
|
||
(In reply to Dave Townsend [:mossop] (he/him) from comment #1)
This is a product call, but when we discussed this I know JoeH was against it.
We have evidence from a large deployment that downgrade protection brings arguments to avoid deploying security patches in automated ways because of concerns that roll-backs won't be possible (i.e they will have to focus on testing more to ensure no regressions are introduced to green light dot release roll-outs).
I'll summarize the situation in a document that I'll get mossop and Mike to review prior to getting Joe's input.
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Updated•4 years ago
|
|
|
Assignee | |
Comment 4•4 years ago
|
||
|
||
Comment 6•4 years ago
•
|
||
Currently downgrade protection isn't even based on version comparison. Instead, it is based on compilation timestamp comparison, see bug 1629288
This issue should be fixed first.
|
|
Assignee | |
Comment 7•4 years ago
•
|
||
(In reply to yuri@tsoft.com from comment #6)
Currently downgrade protection isn't even based on version comparison. Instead, it is based on compilation timestamp comparison, see bug 1629288
Downgrade protection does currently compare the version, it just falls back to build ID if the versions match, as they do in your example in that bug
Pushed by dtownsend@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ffa15679931a Only consider the major version part when checking for downgrades. r=glandium
|
|
||
Comment 9•4 years ago
|
||
Please also don't fall back to build ID, as it is currently the case.
|
||
Comment 10•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 11•4 years ago
|
||
(In reply to yuri@tsoft.com from comment #9)
Please also don't fall back to build ID, as it is currently the case.
This change does that.
|
||
Comment 12•4 years ago
|
||
Thank you for fixing this important bug.
I believe this patch should be backported to all supported major releases - it should not be just in a new major release, for obvious reasons.
|
||
Comment 13•4 years ago
|
||
Good for lifting to 68 ESR?
Bug 1642263 is an example that needs this
| Comment hidden (advocacy) |
|
|
||
Comment 16•4 years ago
|
||
Just noting that this affects Thunderbird too - a backport to Thunderbird's maintained releases would be highly appreciated. Thank you very much for your work.
|
|
Assignee | |
Comment 17•4 years ago
|
||
It's safe enough, but I think that product should make a call on whether that is a change appropriate in the middle of an ESR cycle.
|
|
||
Comment 18•4 years ago
|
||
Since disallowing downgrades was not a feature originally requested by enterprise users I don't feel there is a risk to bring this change to ESR 68.10 (i.e no expectation anyone would rely now on the new behavior) - very unlikely enterprises would be upset there, I assume most would be happier if the change comes-in earlier.
No product changes are made in-between main ESR releases although this can probably better considered as a bug fix - Mike do you see issues with lifting this to ESR?
|
|
||
Comment 20•4 years ago
|
||
Great, let's uplift to ESR68.
Description
•