[CentOS] C5: The Firefox ESR 45.1.0 Nighmare

Fri Apr 29 15:55:44 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, April 29, 2016 7:22 am, Johnny Hughes wrote:
> On 04/28/2016 10:20 PM, Always Learning wrote:
>> On Thu, 2016-04-28 at 22:27 -0400, Jonathan Billings wrote:
>>> On Fri, Apr 29, 2016 at 02:23:32AM +0100, Always Learning wrote:
>>>> Centos replaced well-running customise Firefox with version ESR 45.1.0
>>> Errr... you mean Red Hat released a security update (see
>>> https://rhn.redhat.com/errata/RHSA-2016-0695.html), and CentOS
>>> rebuilt and released it.
>>> What, exactly, would you like the CentOS maintainers to do
>>> differently?  Are you volunteering your time to help?
>> I would really like to help but I lack the time with many many demands
>> on time I don't have.
>> Centos might form a special interests group specifically for the
>> existing Firefox ESR browser. Another poster recently stated Mozilla was
>> dropping ESR versions which is likely to jeopardise browser stability.
>> Ultimately it would be nice for a Firefox folk removing privacy
>> breeches, phoning home, allowing web sites to secretly store data
>> (despite options turned-off) and removal of lots of crap unnecessary for
>> the vast majority of Enterprise users. It could eliminate the constant
>> changes - often apparently just to amuse Firefox developers - which
>> users seem to hate.
>> When using the yum GUI update notification service, no reasons for
>> updates are visible.
>> No good issuing a security improvement when, as Johnny replied in
>> another posting,
>> 	" With respect to CentOS-5, it seems this patch was not
>> 	 migrated to the 45.0.1 install:
>> 	https://bugzilla.redhat.com/attachment.cgi?id=1025187
>> 	from this bugzilla:
>> 	https://bugzilla.redhat.com/show_bug.cgi?id=1221368 "
>> essential parts were omitted. Perhaps Up-Stream were pre-occupied with
>> another fundamental change to the product we know and love ? (well, not
>> C7 yet)
>> I use Firefox extensively for a multitude of tasks.
> OK, when red hat releases a firefox update, we build it.  It is a
> rebuild of the upstream code, as is are all other CentOS packages.
> So, we will work with the Red Hat maintainer to address any issues, like
> we did with the unix plice bug .. BUT .. we will build and release any
> source code that is released for RHEL .. that is what CentOS Linux is, a
> rebuild of the RHEL Source Code, when it is released.
> So, it does not matter if the packages are broken or not.  If the CentOS
> team did not make changes that did the breaking, we will not be issueing
> fixes UNTIL Red Hat does in the RHEL Source Code.  It the centOS team
> did make a branding change, and that change is responsible for breaking
> something, we will of course fix that ASAP and release.
> In the case of this firefox release, Red Hat has acknowledged they need
> to fix it in the RHEL Source Code here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1221368
> Therefore, I have made a new temporary version available here, for
> people who would opt to get the new version and not wait:
> http://people.centos.org/hughesjr/firefox-45.1.0-1.1.el5.centos/
> If you want either the 1386 and/or x86_64 versions, please manually
> download and install them.

It surfaces over and over again... I will try to stress it (from outside,
as I am not in CentOS team) again.

CentOS is binary replica of RedHat Enterprise Linux, and this is what it
should stay, and we hope it will. We do use it because of what it is. And
I at least once thanked myself for choosing RedHat, and then RedHat's
descendant CentOS. You may remember when random number generator bug in
Debian (great distribution IMHO !!) was discovered (that affected all
Debian clones as well: Ubuntu, maemo...). My friend sysadmin next door -
whose everything was Debian - was like a crazy re-generating all key
pairs, certificates, and still you can't be sure then didn't walk in
and... That day (those days actually) I was just sitting relaxed in my
chair and thanked myself for choosing RedHat (Fedora and CentOS), as
RedHad never had a flop of that level in my recollection.

Let's thank CentOS team for the great job they are doing, and stop forcing
them to stress over and over again that CentOS is binary replica of RedHat
Enterprise (I know strictly speaking the last in not correct, but it is
the most transparent way for me to say it).

Grateful CentOS user,


> Thanks,
> Johnny HUghes
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247