[Mageia-dev] [RFC] How to proceed with seamonkey/iceape for security updates and freeze push

Thu Apr 5 08:11:21 CEST 2012

Op woensdag 04 april 2012 22:59:30 schreef Florian Hubold:
> Am 26.03.2012 19:46, schrieb Florian Hubold:
> > Hi all,
> > 
> > i've taken a look at iceape and locally updated it to 2.7.2¹ after
> > talking with maintainer
> > about it, with the intent to at least push this to Mageia 1, because
> > since initial import
> > it has not received any security updates (and there are countless
> > security problem) I've also completed the rebrand to iceape as far as i
> > saw fit (change URL to release
> > notes, applied some more debian rebranding patches, removed updater files
> > and updater menu item, and some more smaller fixes, current svn diff is
> > attached) and did some cleaning of old and unused stuff.
> > 
> > ¹: I've only updated it to 2.7.2 as 2.8 does require newer NSPR, and
> > that's a no-go for Mageia 1, which is my primary target.
> > 
> > 
> > 
> > The biggest problem is: current maintainer does not have enough time to
> > maintain it properly, and i'm not planning on doing it either, as i
> > don't use it or know it well.
> > 
> > There are at least 3 good options on how to proceed, apart from mga1
> > update:
> > 
> > 
> > 1.
> > push latest version to cauldron, and hope somebody will maintain it
> > afterwards (this is the worst IMHO, as we'll probably face the same
> > situation with a de-facto umaintained package throughout Mageia 2
> > lifetime, which i want to avoid)
> > 
> > 
> > 2.
> > drop iceape, package as seamonkey again and sync with Fedora
> > (this one would at least make maintenance easier, only need to follow
> > Fedora)
> > 
> > 
> > 3.
> > drop iceape completely
> > (actually this has the advantage that users can have official upstream
> > binaries, and take advantage of automatic updates. Current maintainer
> > agrees with this, as it's simply too fragile for him to maintain it
> > easily.
> > If somebody is against this, please step up as maintainer or help the
> > current maintainer)
> > 
> > 
> > I'm currently in contact with some seamonkey developers, to maybe clear
> > up why/if the
> > rebrand is needed, if it's needed like it's currently done, and why
> > Fedora can simply
> > ship seamonkey without the need for a rebrand, but the dialog may take
> > some time, this
> > would be only relevant for option 2.
> > 
> > 
> > If nobody responds, i'll push my current work as security update for
> > Mageia 1, and drop iceape from cauldron so that we won't have an
> > outdated package and a potential security risk for Mageia 2.
> > 
> > 
> > Kind regards
> 
> As there was no real objection, and no other comments
> or votes for iceape, i've dropped it from cauldron. FWIW i'm quite
> unhappy with this. Related, i've also not got any reply yet to my
> aforementioned inquiry about mozilla branding permissions.

About the mozilla branding...

Perhaps this should be a meeting point for packaging/council meeting...

ie: someone assigned to this point so it's not forgotten.