Wednesday, 23 August 2017

Old Firefox versions discourage real-world testing of Ubuntu development versions


Hi all-

First, I apologize if I'm not sending this to the right place -- I have no idea who exactly to contact about this, and thought this general mailing list wasn't too bad a choice.

I use Kubuntu on all of my machines, though the specific flavor of Ubuntu isn't too important in this discussion, and I've usually run development versions of Kubuntu on my laptop, while preferring a more stable version for my work and home desktops. I'm generally of the opinion that "all-in" real-world usage is much more informative for testing than booting an ISO image in a VM and poking around a bit, and I'm happy to accept some occasional breakage from new/untested packages in case it produces a useful bug report that keeps an issue from making it into the release of some version of Ubuntu.

I would very much like to use the current development version of Kubuntu 17.10 on my laptop, but I'm very uneasy about this since 17.10 only includes Firefox 50.1.0 in the ISO images (and no new versions are installed through `apt update; apt full-upgrade`). As I understand it, FIrefox 55 fixes some major security issues and there's no way I'd want to use 50.1.0 for everyday browsing, which has the effect of making 17.10 unusable for testing via full-time usage.

I asked a similar question ( at Ubuntu Answers about two years ago, referencing what was the development version of Ubuntu 15.10, and finally remembered/realized that this might be worth bringing up to a wider audience. I feel that some of my comments in that question still apply, like:

I accept instability and frequent bugs/changes in development versions of Kubuntu, which is why I have all of my systems configured to take btrfs snapshots of all available subvolumes on every boot. I am quite used to updates breaking my system and having to revert to a previous snapshot, then waiting a few days to upgrade packages again. In all of these cases, the bugs and instability that I am accustomed to are from packages being too *new* and untested, not too *old* and containing known security vulnerabilities that have been exploited in the wild. I accept the responsibility for installing updates that might potentially make my system inoperable, but this issue is about the *lack* of updates in a critical package.

I believe that the best way to find bugs and issues in beta software is to attempt to go "all in" and use it full-time as I am doing on my laptop; booting an ISO in a VM and poking around a bit will likely not expose any issues that will be found by real-world usage. As such, it seems counterproductive to delay security updates to critical packages, since this will unnecessarily deter people from doing thorough testing and make it more likely that large issues will make it into the release instead of being discovered earlier.


Is there a specific policy or technical reason for Ubuntu development versions to only receive Firefox updates in "proposed" instead of "release" before a certain point? Updates in that channel are not included in ISO images or available through normal apt-get updates.

If there is no policy or technical reason forbidding this, I would like to respectfully request (as a user and prospective beta tester) that new versions of Firefox be available in Ubuntu development versions shortly after being published for released Ubuntu versions.

Thank you for your time,