
Renaming Iceweasel to Firefox - leo2urlevan
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815006
======
txutxu
People,

This is great news for few of us.

But it has been hard to read trough this comments and realize how much
ignorance about what Debian is, how it works, what the Debian bug tracker is,
what a voluntary-based project is, and to read some assertions and prepotency
around in HN

If you see ANYTHING wrong with Debian, go fix it, or shut up and go to sell
your stuff to another one.

Debian is not a startup. Debian is not an elastic architecture in the cloud to
support/pay-for traffic peaks. Debian may benefit from your solutions and
resources, if you're so good. Debian isn't perfect.

The Debian bugtracker maybe not the web application I could write in 2016, but
I'm conscious on how much work has been around it, and it's ecosystem, how
much I'm in debt with the Debian bug tracker as opensource user, and how much
should I THANK to the people who did work on it, who works on it and who uses
it, and even translates it

Depressing to sometimes find great threads, and sometimes loose the time with
subjective views, inexperienced reviews, false and incomplete assertions,
haters, and mass style thinking.

I'm scared to imagine on hands of what kind of people there are technological
choices... or to think that people gets influenced by content creators of this
level... maybe I'm lucky and most of those opinions I dislike, are not from
real engineers/hackers, but from lost re-users, and people without humility
repeating what they find shocking, like a child of 3 years.

Feel free to downvote without reasoning why.

~~~
protomyth
> If you see ANYTHING wrong with Debian, go fix it, or shut up and go to sell
> your stuff to another one.

Ok, so Debian is a developers-only distribution?

> Feel free to downvote without reasoning why.

I didn't bother, but "Please don't bait other users by inviting them to
downvote you or announce that you expect to get downvoted."
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
cbd1984
> Ok, so Debian is a developers-only distribution?

This might not be a bad characterization of where it sits now.

If you want a hand-holding "user-friendly" (and I use the term advisedly,
based on the common, flawed conception of what a "user" is), create one _based
on_ Debian, leveraging the Debian tools and packages and processes to make an
Ubuntu or Mint or something else.

Debian isn't a meta-distribution. It is a distribution in its own right.
However, it is commonly used as the foundation for a different distribution,
with different goals and different ways of relating to the world. Debian
itself remains unchanged, ready to base another distribution off of, and
another, and another...

~~~
yebyen
For a plug of my friend Thanatermesis' great Debian-based distribution, which
recognizes the distro and free-software ethos is not always fully conducive to
a positive user experience at the forefront...

[http://www.elivecd.org/](http://www.elivecd.org/) \- The latest release is
always based on Debian Stable and is currently under active development. The
whole system is changed in (mostly subtle) ways to make it more attractive to
a new Linux user. This is Debian, with some additions. I push this to any
friends who say they are interested in Linux, but maybe just want to try it
first.

I would not recommend Ubuntu to a new user (unless they were my employee, we
use it at work) or Mint for that matter. I would not recommend Debian in spite
of using it myself at home, because I don't always want to be the Debian
support guy, or have to be the one to say RTFM. Elive tries to be as self-
explanatory as possible, even in its somewhat Tarzanic way.

~~~
chei0aiV
Hmm, the website says "Elive is not made for newbies".

~~~
yebyen
The website says a lot of things, he's probably right, but as a newbie IMHO
your first task is to compile enlightenment, and in elive that's already done
for you...

------
ryandrake
> Mozilla releases new Firefox releases every 6 to 8 weeks. In parallel of
> these rapid releases [...]

One of the fun differences between the various organizations I've worked for
is the differing ideas of how frequently releases should happen and what is
considered "fast" and "slow" in different places. I've seen release cycles
measured in weeks and those measured in years. I'm sure there are places that
release every N days. How people get used to some particular cadence and start
believing that it's the only proper (or possible) way! One of the achievements
I'm most proud of is helping a group make a difficult transition from a long,
irregular cadence to a fast, predictable one. Going from a release process of
"Release when company leadership subjectively thinks it's ready" to "Release
every 4 weeks on the day" can at first rattle some people who are attached to
The Way We've Always Done It, and it requires more discipline in terms of
development practices, testing, feature creep, etc. But it can be done!

Not saying a faster or slower cycle is needed for Debian or Mozilla (it would
depend on a huge number of factors), but your release cadence shouldn't be
considered some immovable law of nature.

~~~
legulere
I find it very interesting that they are adopting a different release schedule
for Firefox than the rest of Debian stable. People that care about fast
release cycles probably really just care about few minor things being up to
date, while administrators don't care about which programs/libraries make
problems when updating as long as the total amount of breakages in a certain
time isn't too high.

~~~
vacri
This is probably due to the specific nature of browser upgrades, which is the
reason why firefox and chrome went to 6-week autoupgrade schedules for
clients: people expect a hell of a lot from their browsers; troubleshooting a
fractured version environment in such a complex field is next to impossible;
important security updates need to be pushed.

So you end up with two main releases for the browser, one is the standard one
that updates every six weeks, and the other has a more stable 'extended
support' environment that just gets bugfixes, for places that can't easily
deal with changes very often (like a business or education SOE). Debian stable
usually lasts for about two years, and modern browser releases would find that
impossible to support.

------
esaym
Funny, I've been running Debian since 2007. I mainly got hooked on their
'testing' branch since it is just "always up to date".

But I always get people looking over my shoulder and asking "what the heck is
'iceweasel'. To which I explain the whole issue of Debian was distributing a
patched version of Firefox with their OS back in ~2007 era and Mozilla, for
trademark reasons, said you can't modify the browser and still distribute it
with the official logos and name. Which lead to Iceweasel... but then a few
years later Mozilla changed the license terms so now I guess here we are....

~~~
currysausage
_> I mainly got hooked on their 'testing' branch since it is just "always up
to date"._

Note that _testing_ doesn't get the same level of security support as _stable_
: _" Compared to stable and unstable, next-stable testing has the worst
security update speed. Don't prefer testing if security is a concern."_ [1];
more details: [2], [3], [4].

[1]
[https://wiki.debian.org/DebianTesting#Considerations](https://wiki.debian.org/DebianTesting#Considerations)

[2]
[https://wiki.debian.org/Status/Testing](https://wiki.debian.org/Status/Testing)

[3]
[https://www.debian.org/security/faq#testing](https://www.debian.org/security/faq#testing)

[4] [http://secure-testing-master.debian.net/](http://secure-testing-
master.debian.net/)

~~~
chei0aiV
You can slightly speed it up by using apt pinning to get security updates from
Debian unstable (but other packages from testing) when available.

[https://bugs.debian.org/725934](https://bugs.debian.org/725934)

To speed it up even more you would need to follow the unstable/testing pages
on the security tracker and file bugs to get maintainers to do fixes and do
NMUs when maintainers are on vacation or missing.

[https://security-
tracker.debian.org/tracker/status/release/u...](https://security-
tracker.debian.org/tracker/status/release/unstable) [https://security-
tracker.debian.org/tracker/status/release/t...](https://security-
tracker.debian.org/tracker/status/release/testing)

------
DHowett
It's interesting that the Paul brings up the trademark license clause
regarding for-pay distribution.

    
    
        If you are using the Mozilla Mark(s) for the unaltered binaries you
        are distributing, you may not charge for that product.
    

While it restricts a freedom that Debian is unlikely to exercise, it's still a
restriction. Presumably, that makes the trademark license indigestible to the
Debian foundation?

~~~
tonyarkles
Ahhhhhh, I've always wondered about clauses like that with the distribution of
software compilations. For example, I can buy a Debian boxed set from here:
[http://www.jbox.ca/product-category/computers-
tablets/softwa...](http://www.jbox.ca/product-category/computers-
tablets/software/linux-cds-dvds/debian-cds-dvds/) or any of the other
distributors:
[https://www.debian.org/CD/vendors/](https://www.debian.org/CD/vendors/). I
_think_ a clause like that would prevent them from selling those.

~~~
kbenson
I'm fairly sure when you are buying physical copies of Linux distributions you
are buying the service of compiling and copying it and providing physical
media, the box, any manuals, etc. The source code at a minimum must be made
freely available to others. That is, they aren't charging for the code
delivered, but the delivery itself and the physical media.

~~~
geofft
You're permitted (under both the GPL and the DFSG) to restrict who you make
the code available to, and to charge them for it. The only requirement is that
the _recipient_ have the right to _further redistribute_ the sources, without
being compelled to restrict who they distribute it to, or being compelled to
charge for it.

That is, it is entirely legitimate and legal for me to make a Debian
derivative where the only means of distribution is that I charge you $30/month
for a CD of my distribution (including source to any patches I apply), and I
don't distribute it otherwise. I just have to give you the right to rip the CD
and put it online for free, if you so choose.

~~~
kbenson
I'm not sure if this is meant to imply they don't have to offer the source in
some form or just a clarification of my prior comment, but I think it's pretty
clear from GPL 3.0 section 6[1] that it is required, and the most recompense
you can get from this is "for a price no more than your reasonable cost of
physically performing this conveying of source", as if it's network accessible
it must be free. So, at least part of my prior comment was incorrect, you do
not need to provide it free of charge, but the only charge you can require,
and then only for providing it on a durable physical medium, is the reasonable
cost of doing so.

1:
[http://www.gnu.org/licenses/gpl-3.0.en.html](http://www.gnu.org/licenses/gpl-3.0.en.html)

~~~
geofft
Well, you can charge for the software as a whole, which I read your comment to
claim you can't. I can absolutely say, hey, here's AwesomeDebianFork 1.0 with
some custom patches on GPL code, you can get a CD set of binaries + source for
$99. I don't have to resort to circumlocutions about service, and I don't have
to make the source available to anyone else. ( _You_ are free to copy that
source CD, though.)

The only thing I can't do is to say, the CD for AwesomeDebianFork 1.0 binaries
is $9 and the CD for AwesomeDebianFork 1.0 sources is $90. (The GPL would
reject this as not being "reasonable"; the DFSG would reject this outright for
violating #2, "The program must include source code".)

~~~
kbenson
> Well, you can charge for the software as a whole, which I read your comment
> to claim you can't.

Ah, yeah, that was an aspect of my original comment I wasn't thinking of, but
was implying, and I had glossed over that in your reply. Thanks for correcting
me and clarifying. :)

------
shmerl
Related:
[https://bugzilla.mozilla.org/show_bug.cgi?id=555935](https://bugzilla.mozilla.org/show_bug.cgi?id=555935)

Also, Debian is really lacking some more modern bug management / issue
tracking system.

It might be useful to provide e-mail interface for it, but I fail to see why
it also can't be managed from some site at the same time instead of limiting
it to read only view.

~~~
astrodust
Although GitHub Issues has a lot of issues, for the singular reason that you
can opt-in and opt-out of notifications on particular subjects I find it
_vastly_ more useful than most bug trackers.

Is there a good open-source GitHub alternative that implements this feature?

~~~
jhasse
> you can opt-in and opt-out of notifications on particular subjects

What do you mean by that? Doesn't every bug tracker implement that feature?

~~~
astrodust
The ones I've used in the past relentlessly spam you about every little thing
for every issue or tell you nothing about anything. There's very little in the
way of fine-grained control.

I understand some people prefer email for following up on these things, but
destroying my inbox by following a busy project is not something I'll ever do.
GitHub's default is to notify project owners, issues you've participated in or
actively followed, or those you're mentioned in. I think that's fair.

You can also "one click unsubscribe" to them at any time, which is great.

Others I've been subjected to are things that are barely more than mailing
lists. I have no idea how people deal with these.

~~~
jhasse
I see. I have used trac and bugzilla and both work similar to GitHub (you only
subscribe to issues you participate in)

~~~
astrodust
If that's the case, I bet the projects I've had the displeasure of working
with were using wildly out of date versions of those tools.

------
Touche
> On the contrary, Debian having a longer release cycle (about every two
> years), release cycles don't align.

Then change your release cycle. Seriously, it's not that hard. Say that
browsers are different and get released frequently. Create a firefox-lts
package that is updated at the beginning of your Debian release cycle -- and
never again. Let the firefox package be the firefox package, updated as
frequently as upstream wants.

~~~
twunde
If you don't like the 2 year release cycle, use Ubuntu, which is Debian-based.
Debian maintains such long release cycles because the tolerance for bugs and
incompatibilities are smaller than other linux distros. For long-lived
applications or applications that have long planning periods Debian is ideal.
NASA uses Debian, because their projects are measured in years, have low
tolerances for bugs, and are developed to last 5+ years. Simply put, Debian's
release model is for a different use-case than your typical web development
project

~~~
Touche
What does this have to do with Firefox? Is NASA writing rovers as Web apps? If
not what does it matter which version of Firefox is installed?

~~~
jcrawfordor
User experience stability is often a real problem in the corporate or
institutional world. Keeping a maximally stable version of Firefox will help
corporate users a lot - it's not even necessarily about stability as much as
it's about user retraining, in-house extensions, etc.

------
digi_owl
I keep finding it puzzling that Debian would opt to maintain a fork of
Firefox, while at the same time go all in with systemd because it would be too
much effort to maintain something else.

------
oliwarner
Congratulations HN, OP, we DDoSed the debian bug tracker.

Please be considerate when linking to webapps. If there's a static or cached
version available, please post that.

In this case Debian's tracker mirrors everything to publicly mirrored mail
servers (which are static), ie: [https://www.mail-archive.com/debian-bugs-
dist@lists.debian.o...](https://www.mail-archive.com/debian-bugs-
dist@lists.debian.org/msg1397739.html)

~~~
nitrogen
Or write faster apps? Caching pages for logged-out users is part of web site
performance 101.

~~~
windsurfer
Debbugs works great for being last updated 12 years ago. It's main interface
is email, after all, so the web interface is read-only. I think the real issue
here is the hardware it's running on.

~~~
mwcampbell
Forking a new process to run a Perl CGI script for every request is going to
be far from optimal on any hardware.

------
scrollaway
Doesn't look to be responding. Mirror:

[https://webcache.googleusercontent.com/search?q=cache:PtAvYw...](https://webcache.googleusercontent.com/search?q=cache:PtAvYwWqUBMJ:https://bugs.debian.org/cgi-
bin/bugreport.cgi%3Fbug%3D815006&num=1&hl=en&gl=gr&strip=1&vwsrc=0)

------
rewqfdsa
That's disappointing; the article mentions that Mozilla is happy with Debian's
patch set, but I don't think they'd be happy with a patch that disabled
mandatory extension signing. I was looking forward to Iceweasel sparing us
from that anti-user nonsense.

------
moron4hire
I don't understand why Debian has anything to do with Firefox. Why does the
operating system have any say on what applications get released and how often?
Isn't this the whole point of using free, open source software? To be able to
choose your own components? Why do we need Debian bundling Firefox?

~~~
steveklabnik
Debian user and Mozilla employee who uses Iceweasel here. I work on Rust, not
Firefox though.

    
    
      > Why does the operating system have any say on what applications get released
      > and how often?
    

This has to do with the interaction between the original authors and the
distribution itself. Let's go through an example:

1\. I, Steve, write some bit of software, libfoo, and host it on my GitHub
page.

2\. Debian users would like to use libfoo. They have two options at this
point: download and build libfoo from me, or get it from Debian's package
repository.

3\. In order to be put into Debian's repository, a suitable package needs to
be created. What exactly that means depends on the package itself, but
sometimes it's about things like "which paths are searched by default".
Anything that integrates with the overall system. So someone, probably not
even me, would need to say "I'm going to maintain a package for libfoo in
Debian." They are responsible for taking from "upstream", my GitHub page, and
producing a .deb for inclusion in Debian's repositories. This may involve
modifying libfoo in some ways. It depends.

At any time, a user of Debian can choose: Do I get libfoo from Steve's GitHub,
or do I get libfoo from apt? The reason that you might choose the latter is
because Debian knows Debian better than I do. (Well, I said I use Debian
above, but this works across distros, basically. I have no clue what Fedora's
norms are, for example.) The package from Debian's repositories will be better
integrated into the system, and will be tested for compatibility with other
packages. Part of this is due to the release cycle of Debian itself; and this
is what's being discussed here. It's not about when Firefox is released, it's
about when the Debian package for Firefox is released. And what version of
that package corresponds to which upstream version?

So! Back to this bug. Due to some... history between Mozilla and Debian,
Debian's package for Firefox couldn't be called "Firefox." So it was rebranded
to "Iceweasel." This bug is about re-synching the names, and having the
Debian-provided package produce "Firefox" again.

Does that make sense?

~~~
moron4hire
I understand what you are saying, but it doesn't make sense. It sounds like a
really bad way to do software development.

~~~
shmerl
What's the alternative? If you will try installing random stuff you'll get
dependencies hell. Another extreme is self contained software, when each
application bundles its own dependencies. Android does that more or less. But
such approach causes major bloat and also increases security risks because you
need to patch each application and its dependencies (which are duplicated in
the multiple variants) once vulnerabilities are discovered.

Any better ideas than these two?

~~~
jimmaswell
The bloat from self-contained software really isn't that much. It doesn't
cause a space problem even on the small amount of space on an Android device.

~~~
shmerl
It depends on how many dependencies we are talking about. And more than bloat,
security issues are critical.

