[Mageia-dev] [RFC] How to proceed with seamonkey/iceape for security updates and freeze push

Wed Apr 4 22:59:30 CEST 2012

Am 26.03.2012 19:46, schrieb Florian Hubold:
> Hi all,
>
> i've taken a look at iceape and locally updated it to 2.7.2¹ after talking with
> maintainer
> about it, with the intent to at least push this to Mageia 1, because since
> initial import
> it has not received any security updates (and there are countless security problem)
> I've also completed the rebrand to iceape as far as i saw fit (change URL to
> release
> notes, applied some more debian rebranding patches, removed updater files and
> updater menu item, and some more smaller fixes, current svn diff is attached)
> and did some cleaning of old and unused stuff.
>
> ¹: I've only updated it to 2.7.2 as 2.8 does require newer NSPR, and that's a no-go
> for Mageia 1, which is my primary target.
>
>
>
> The biggest problem is: current maintainer does not have enough time to maintain
> it properly, and i'm not planning on doing it either, as i don't use it or know
> it well.
>
> There are at least 3 good options on how to proceed, apart from mga1 update:
>
>
> 1.
> push latest version to cauldron, and hope somebody will maintain it afterwards
> (this is the worst IMHO, as we'll probably face the same situation with a de-facto
> umaintained package throughout Mageia 2 lifetime, which i want to avoid)
>
>
> 2.
> drop iceape, package as seamonkey again and sync with Fedora
> (this one would at least make maintenance easier, only need to follow Fedora)
>
>
> 3.
> drop iceape completely
> (actually this has the advantage that users can have official upstream binaries,
> and take advantage of automatic updates. Current maintainer agrees with this,
> as it's simply too fragile for him to maintain it easily.
> If somebody is against this, please step up as maintainer or help the current
> maintainer)
>
>
> I'm currently in contact with some seamonkey developers, to maybe clear up
> why/if the
> rebrand is needed, if it's needed like it's currently done, and why Fedora can
> simply
> ship seamonkey without the need for a rebrand, but the dialog may take some
> time, this
> would be only relevant for option 2.
>
>
> If nobody responds, i'll push my current work as security update for Mageia 1,
> and drop iceape from cauldron so that we won't have an outdated package and
> a potential security risk for Mageia 2.
>
>
> Kind regards
>
As there was no real objection, and no other comments
or votes for iceape, i've dropped it from cauldron. FWIW i'm quite
unhappy with this. Related, i've also not got any reply yet to my
aforementioned inquiry about mozilla branding permissions.