Closed Bug 295893 Opened 20 years ago Closed 20 years ago

Suggestion for Security Patch Level version be mainained in Firefox, to avoid problems like the 1.0.4 update on Ubuntu Linux

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: tlepes, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050526 Firefox/1.0.4 (Ubuntu package 1.0.4) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050526 Firefox/1.0.4 (Ubuntu package 1.0.4) As you may know, when Ubuntu applied the security updates from 1.0.4 to their production release of Firefox 1.0.2, there were problems accessing the firefox extensions pages. This was done as a kludge to prevent non-upgraded versions of Firefox from getting in. Simplest way to avoid issues with users would have been to put a button at the end of the warning that would allow users to continue on anyway. But as suggested in Ubuntu's Bugzilla #10681 (https://bugzilla.ubuntu.com/show_bug.cgi?id=10681), maybe Firefox could start keeping an internal security patchlevel version number that could be used for such cases. Ubuntu has good reasons for doing security-only updates to the released software packages on Hoary (Ubuntu 5.0.4). Having a separate security patch level version string could make this all make more sense. It would be more manageable all around. I am still a little confused perhaps, but I believe that Ubuntu's Firefox "1.0.4" is actually 1.0.2 with security updates backported from Mozilla Firefox 1.0.3 and 1.0.4. With a patch level, the "About" page could say something like "Ubuntu build Firefox version 1.0.2, Security Patch Level 1.0.4". Reproducible: Always Steps to Reproduce: 1. 2. 3.
Wontfix. We don't need yet another version to track. And that's not a viable solution for the problem anyway, since user agent is sent, but arbitrary other properties aren't.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
I want to note: 1.0.4 == 1.0.2 plus security updates. why doesn't ubuntu just ship that?
You need to log in before you can comment on or make changes to this bug.