[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xulrunner and silent breakage of downstream apps



On Fri, Jun 20, 2008 at 7:51 AM, Michel Salim <michel sylvan gmail com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The recent push of xulrunner-1.9 and Firefox 3 broke Miro and devhelp
> (https://admin.fedoraproject.org/updates/F9/pending/devhelp-0.19.1-2.fc9)
> again.
>
> Is there a way to declare these kinds of dependencies that we are not
> using right now? Should Miro and devhelp specifically require xulrunner
> = %{version}-%{release} -- or perhaps a more administrative solution;
> block a non-security release of xulrunner for at least one day and
> automatically notify the maintainers of its dependents?

xulrunner was suppose to stop this from happening with a stable api. I
suspect that prior to v1.9 final there was no guarantee of this but
now its stable you should be able to require >= 1.9 and 1.9.0.x until
at leat 1.9.1 (Firefox 3.1) comes out. The idea of xulrunner in Fedora
being that if there's a security bug in gecko they can ship a new
version of xulrunner and all the apps that use it that are shipped in
Fedora are automatically secured.

Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]