[Mageia-dev] [RFC] How to proceed with seamonkey/iceape for security updates and freeze push

Mon Mar 26 19:53:01 CEST 2012

Am 26.03.2012 19:46, schrieb Florian Hubold:
> Hi all,
>
> i've taken a look at iceape and locally updated it to 2.7.2¹ after talking with
> maintainer
> about it, with the intent to at least push this to Mageia 1, because since
> initial import
> it has not received any security updates (and there are countless security problem)
> I've also completed the rebrand to iceape as far as i saw fit (change URL to
> release
> notes, applied some more debian rebranding patches, removed updater files and
> updater menu item, and some more smaller fixes, current svn diff is attached)
> and did some cleaning of old and unused stuff.
Sorry, fingers were too fast, not attached, as it's quite big, but here's a
pastebin
of it if somebody is really interested: http://pastebin.com/LKVPEpgG
>
> ¹: I've only updated it to 2.7.2 as 2.8 does require newer NSPR, and that's a no-go
> for Mageia 1, which is my primary target.
>
>
>
> The biggest problem is: current maintainer does not have enough time to maintain
> it properly, and i'm not planning on doing it either, as i don't use it or know
> it well.
>
> There are at least 3 good options on how to proceed, apart from mga1 update:
>
>
> 1.
> push latest version to cauldron, and hope somebody will maintain it afterwards
> (this is the worst IMHO, as we'll probably face the same situation with a de-facto
> umaintained package throughout Mageia 2 lifetime, which i want to avoid)
>
>
> 2.
> drop iceape, package as seamonkey again and sync with Fedora
> (this one would at least make maintenance easier, only need to follow Fedora)
>
>
> 3.
> drop iceape completely
> (actually this has the advantage that users can have official upstream binaries,
> and take advantage of automatic updates. Current maintainer agrees with this,
> as it's simply too fragile for him to maintain it easily.
> If somebody is against this, please step up as maintainer or help the current
> maintainer)
>
>
> I'm currently in contact with some seamonkey developers, to maybe clear up
> why/if the
> rebrand is needed, if it's needed like it's currently done, and why Fedora can
> simply
> ship seamonkey without the need for a rebrand, but the dialog may take some
> time, this
> would be only relevant for option 2.
>
>
> If nobody responds, i'll push my current work as security update for Mageia 1,
> and drop iceape from cauldron so that we won't have an outdated package and
> a potential security risk for Mageia 2.
>
>
> Kind regards
>