[Mageia-dev] [RFC] How to proceed with seamonkey/iceape for security updates and freeze push

Florian Hubold doktor5000 at arcor.de
Mon Mar 26 19:46:56 CEST 2012


Hi all,

i've taken a look at iceape and locally updated it to 2.7.2¹ after talking with
maintainer
about it, with the intent to at least push this to Mageia 1, because since
initial import
it has not received any security updates (and there are countless security problem)
I've also completed the rebrand to iceape as far as i saw fit (change URL to
release
notes, applied some more debian rebranding patches, removed updater files and
updater menu item, and some more smaller fixes, current svn diff is attached)
and did some cleaning of old and unused stuff.

¹: I've only updated it to 2.7.2 as 2.8 does require newer NSPR, and that's a no-go
for Mageia 1, which is my primary target.



The biggest problem is: current maintainer does not have enough time to maintain
it properly, and i'm not planning on doing it either, as i don't use it or know
it well.

There are at least 3 good options on how to proceed, apart from mga1 update:


1.
push latest version to cauldron, and hope somebody will maintain it afterwards
(this is the worst IMHO, as we'll probably face the same situation with a de-facto
umaintained package throughout Mageia 2 lifetime, which i want to avoid)


2.
drop iceape, package as seamonkey again and sync with Fedora
(this one would at least make maintenance easier, only need to follow Fedora)


3.
drop iceape completely
(actually this has the advantage that users can have official upstream binaries,
and take advantage of automatic updates. Current maintainer agrees with this,
as it's simply too fragile for him to maintain it easily.
If somebody is against this, please step up as maintainer or help the current
maintainer)


I'm currently in contact with some seamonkey developers, to maybe clear up
why/if the
rebrand is needed, if it's needed like it's currently done, and why Fedora can
simply
ship seamonkey without the need for a rebrand, but the dialog may take some
time, this
would be only relevant for option 2.


If nobody responds, i'll push my current work as security update for Mageia 1,
and drop iceape from cauldron so that we won't have an outdated package and
a potential security risk for Mageia 2.


Kind regards


More information about the Mageia-dev mailing list