back to article Another Debian dust-up with Firefox dependencies – but there is an annoying and awkward workaround

Debian is having problems with a current version of Firefox that leaves users with a dangerously outdated browser. One of the grey-bearded elders of the Linux distro world, Debian has had issues with Mozilla before. For years, it built its own forks of the Mozilla apps – Iceweasel, Icedove, Iceape, and Iceowl – because of a …

  1. jake Silver badge

    Once again ...

    ... I'm ever so happy that Slackware exists. Just as up to date as the rest, but so, so much easier to keep that way.

    Seriously ... needs a GUI and a browser to update the OS? WTF‽‽‽

    1. Joe W Silver badge

      Re: Once again ...

      As far as I know apt is a command line tool - so I have no clue what you are referring to.

      The problem I have with slackware is that installing/updating software can take a long time on slow machines, and that you always have the latest and greatest software - bugs and all. Debian "stable" is really stable and boring. I like it that way. Also apt is very reliable, the chances of leaving installed packages in an ill defined state are slim. It's a robust system,which I value.

      Great that we have the freedom to choose and prioritise certain aspects!

      1. ragnar

        Re: Once again ...

        Are you confusing slackware with arch?

        Slackware doesn't have the latest and greatest versions - it has a glacial progression that prioritises stability.

        1. jake Silver badge

          Re: Once again ...

          Slackware-stable doesn't have the "latest and greatest" (whatever that means).

          Slackware-current is quite up to date and modern (whatever that means).

          -stable is just that. Comes with kernel 4.4.276 and mozilla-firefox-68.12.0esr. It just works.

          -current is the dev branch (some distros call it a rolling release). It also just works. Comes with kernel 5.15.7 and mozilla-firefox-91.4.0esr ... these are subject to change. Will eventually become Slackware 15.

      2. Anonymous Coward
        Anonymous Coward

        Re: Once again ...

        They were referring to "You can't install or manage GNOME extensions using either a Snap or Flatpak packaged version of Firefox." Which you could respond to if you had read the article, or had considerately re-read upon seeing their comment. I would have no idea.

        So we have a mismatch between the idea of "evergreen browsers" (or at least deciduous) versus the idea of a frozen OS. And Debian have no guidelines established how to overcome the mismatch?

        1. cyberdemon Silver badge
          Facepalm

          Nothing wrong with Debian here..

          This isn't a problem with Debian, it's a problem with Firefox for insisting on such a rapid release cycle even for ESR, and it's a problem with Snap/Flatpak for not playing nicely with system packages. Snap should never conflict with system packages - the whole point is to make it OS independent. Make the executable name `snap-firefox` for example.

          Snap is an Ubuntu abomination that needs to die. Installing a Snap is not "updating the OS". It is installing a containerised software with all its dependencies in a very inefficient and functionally-limited way, just so that it can be independent of the OS, and "unhackable" by the user.

          Installing a snap/flatpak for open source software should NEVER be necessary. It's main use case is for DRM/proprietary software, and that's why Shuttleworth is trying to foist it onto Ubuntu - he can make money from it.

          There has never been a requirement for a web browser "to update the OS". But GNOME doesn't function without a web browser. So if you remove firefox, then you need to install GNOME's browser. You can't make GNOME use a Snap version of Firefox because Snap is Crap. It's containerised and GNOME simply can't access it in the way that it needs to.

          (Also: The article didn't mention the obvious solution: use KDE and chromium, or use KDE and build Firefox from source.)

          1. teknopaul

            Re: Nothing wrong with Debian here..

            Build Firefox from source does not resolve dependecy issues, Shirley?

      3. Crypto Monad Silver badge

        Re: Once again ...

        > Debian "stable" is really stable and boring. I like it that way.

        I like stable and boring too.

        Unfortunately, Debian also has a tendency to modify software, sometimes with a large chainsaw, to make it fit the Debian way of doing things. Decisions which the software author made (with thought and care) are overridden, meaning that package X which works in a particular way when built from source, and when installed on most other distros, works differently when installed as a Debian package. This is the origin of the Firefox / Iceweasel conflict. Debian modified the software so much that it was no longer the same thing that Mozilla released - to the point that it was doing reputational harm to Mozilla to call it "Firefox".

        Debian's attitude that "we know better than the software author" is pervasive. It resulted in the infamous "improvement" to SSH key generation code which removed almost all randomness, leaving it only ever selecting from a few possible keys.

        References: The Register | xkcd 221 | xkcd 424

      4. jake Silver badge
        Pint

        Re: Once again ...

        I have absolutely no idea what I meant. It seemed to make sense at the time ... but then I was working on about 52 hours with no sleep. Usually I know better than to post when sleep deprived. Mea culpa.

  2. sansva

    Install Firefox directly from mozilla.org

    Why doesn't this article mention installing Firefox by downloading it from mozilla.org, which is actually the best way to install it IMHO. For many desktop applications which get updated frequently the preferred way of installing them is directly from the vendor unless there's some overriding or exceptional need to do otherwise.

    Also, the article mentions nothing about the non-free Debian repository, which a desktop user is almost certainly going to want to enable, unless again there's some overriding or exceptional situation.

    1. Anonymous Coward
      Anonymous Coward

      Re: Install Firefox directly from mozilla.org

      Generally, I prefer to rely on a distribution's own updates rather than a direct download & install from its own site; just because it saves me that extra step, and the packaging is done right.

      However, the direct download option is certainly useful. I have a slackware 14.2 install which hasn't had its own firefox package updated for some considerable time (14.2 is not so new any more, and there are apparently some incompatibilities that firefox insists on :-).

      However, I can unpack a direct download of even the latest firefox into it's own directory and run it from there with no problems.

      1. DuncanLarge Silver badge

        Re: Install Firefox directly from mozilla.org

        > rather than a direct download & install from its own site; just because it saves me that extra step

        In the case of firefox, one you un-tar it it updates itself...

    2. captain veg Silver badge

      Re: Install Firefox directly from mozilla.org

      Yeah, that's just great until you have, or want, to move to the latest OS version. In which case the upgrade tool makes you remove all the software that its own package manager didn't install. Which is, IMO, fair enough.

      -A.

      1. DuncanLarge Silver badge

        Re: Install Firefox directly from mozilla.org

        > In which case the upgrade tool makes you remove all the software that its own package manager didn't install.

        No it doesnt.

    3. Liam Proven Silver badge

      Re: Install Firefox directly from mozilla.org

      [Article author here]

      > Why doesn't this article mention installing Firefox by downloading it from mozilla.org, which is actually

      > the best way to install it IMHO.

      OK. You are of course entirely welcome to your opinion.

      Why did I not mention it?

      Because Mozilla does not publish distro packages, just tarballs (AFAIK).

      I do not consider this a viable alternative. Here is why:

      • It is harder to do and requires strong tech knowledge

      • It will not receive updates

      • ... so requires continual ongoing maintenance

      • It does not interact well with the rest of the OS

      · e.g. it won't satisfy dependencies (as Chrome does not)

      Yes, I agree regarding enabling `non-free`. But does that help here, at all?

      1. DuncanLarge Silver badge

        Re: Install Firefox directly from mozilla.org

        > Because Mozilla does not publish distro packages, just tarballs

        yes, which is the simplest and easiest way to install Firefox.

        It self updates, can be installed in your home directory or system wide in /opt.

        Why is that harder than flapping about with flatpack??

        Go on give it a go. Go to Mozilla.org, get the latest ESR firefox, download, untar with your fave archive app and run it.

        > It is harder to do and requires strong tech knowledge

        WHAT? Its a case of RIGHT CLICKING AND SELECTING EXTRACT!

        Have you ever opened a zip file? How is this hard?????????

        > It will not receive updates

        Mine just updated all by itself. My god it must be self aware or something.

        > It does not interact well with the rest of the OS

        BS. First of all you haven't even run the download, how can you? You cant even extract an archive. The only issue I had with it was getting the spellchecking working and that was because FF ESR 91.x has a bug in that you cant install the UK dictionary easily without also having the US english language pack installed, weird but there it is.

        None of your points make any sense. Although I have a degree in computer science I was able to upgrade to FF 91.x ESR by doing what I was able to do as a kid with windows 95 and winzip. I didn't need any hyper IT skillz to do it.

        Your response here calls into question everything regarding your article. Basically you dont know what you are talking about.

        Cant extract a zip. Next up: Clicking an icon is too technical

      2. jake Silver badge

        Re: Install Firefox directly from mozilla.org

        Tarballs are not hard, nor do they require "strong tech knowledge".

        Firefox does indeed receive tech updates (if you allow it).

        EVERYTHING in the world of computers requires ongoing maintenance, and anybody who says otherwise is either an idiot or a liar.

        Firefox interacts as well with the OS (Linux) as any other large program ... it has issues with some Distributions, though. That's hardly the fault of Firefox.

    4. DomDF

      Re: Install Firefox directly from mozilla.org

      This is Linux not Windows.

      1. jake Silver badge

        Re: Install Firefox directly from mozilla.org

        We've noticed. Your point?

  3. Gene Cash Silver badge

    "dangerously outdated browser"

    Eh, I still run FF v43 as that's the last one with cookie control.

    1. Anonymous Coward
      Anonymous Coward

      Re: "dangerously outdated browser"

      I run the latest FF and it has cookie controls. I have it set to strict =

      Stronger protection, but may cause some sites or content to break.

      Firefox blocks the following:

      - Social media trackers

      - Cross-site cookies in all windows (includes tracking cookies)

      - Tracking content in all windows

      - Cryptominers

      - Fingerprinters

      There is also a separate option

      - Delete cookies and site data when Firefox is closed

      which I also have set. Looking more closely now I see that under the "custom" setting (an alternative to "strict") the are 4 options for cookie control =

      - Cross-site cookies - includes social media cookies

      - Cookies from unvisited websites

      - All third party cookies - may cause websites to break

      - All cookies - will cause websites to break

      May I ask you what settings there used to be that are not offered now? Thank you.

    2. Lucy in the Sky (with Diamonds)

      Re: "dangerously outdated browser"

      Current FireFox is so dangerously out of date that it no longer opens iLO2 webpages, making it a clear and present danger to my environment.

      I have to fall back to nice and reliable Internet Explorer.

      A so called "modern browser" needs to accomodate the end user, and not some design dogma.

      Sure, let there be a "Children's Setting" for default installs, but let people opt out of all of those...

      1. Ken Hagan Gold badge

        Re: "dangerously outdated browser"

        Internet Explorer is out of (effective) support, since it is no longer part of a default install and MS really want to kill it. The first decent attack to come along will be the excuse they need to pull the plug entirely.

        Perhaps you meant Edge, which is Chromium done badly.

      2. Throatwarbler Mangrove Silver badge
        Facepalm

        Re: "dangerously outdated browser"

        "Current FireFox is so dangerously out of date that it no longer opens iLO2 webpages, making it a clear and present danger to my environment."

        ITYM, iLO2 is so dangerously out of date that it will not open in a modern browser, only IE.

        You sound dangerously incompetent and should not be allowed near any sort of server without remedial technology training.

        1. DuncanLarge Silver badge

          Re: "dangerously outdated browser"

          I think OP is being sarcastic as FF has forced him to use an outdated dangerous browser?

        2. Lucy in the Sky (with Diamonds)

          Re: "dangerously outdated browser"

          Ah, do tell, how would you update iLO2 hardware?

          The hardware is given, it needs to function, and will function for decades to come.

          My issue is with browsers that refuse to do what I want them to do.

          Also, I do not expect my iLO2 card to launch an attack on my browser.

          Do you even know what iLO2 is?

          Maybe it is you who needs some remedial training...

          1. This post has been deleted by its author

          2. Throatwarbler Mangrove Silver badge
            Stop

            Re: "dangerously outdated browser"

            Yes, thank you, I am quite aware that iLO is HP(E)'s out-of-band management hardware. The issue with compatibility between Firefox (or, indeed, Chrome) and iLO is that ancient versions of iLO such as iLO2 do not support modern encryption standards. In some cases, it is possible to override the settings in new versions of Firefox and enable the older protocols and ciphers to work, but eventually most browser makers assume that Web site creators will upgrade their sites to support, e.g. TLS 1.3 and AES-128. In the case of the older iLO boards, HPE has decided not to provide firmware updates, which means you either have to maintain an older browser deployment or deploy newer hardware. Addressing your question about upgrading the iLO hardware, one must buy a new server. However, since iLO supports firmware updates, HPE could provide updates to older iLO boards allowing them to support newer encryption standards, but they choose not to, thus your complaint ought really to be with HPE for not maintaining the iLO2 firmware for a longer lifespan instead of with Mozilla for failing to maintain obsolete security protocols.

            1. Lucy in the Sky (with Diamonds)

              Re: "dangerously outdated browser"

              Indeed. My servers are a given, as in I did not pay for them, but were given to me, and I use them to host my ESXi farm at home. It will not be upgraded in the next two or three decades, my expected lifespan considering my drinking, but that is a personal matter rather be glossed over.

              I can happily use IE to access the iLO cards, but my major issue is that all my older browsers live on the historic VM farm, which are on the ESXi servers with the iLO2 cards, so when I truly need it, it will not be in the right place.

              Besides, in this day and age, not throwing away functional kit is considered green by tree huggers, so why not take one for the team?

              So, sometime after Mirosoft fully deprecates IE out of windows, I will need to build a physical XP box, just so I can manage my servers.

              I would prefer a major off switch in FireFox instead. Yet, It would be sexy to have a beige XP box, with a VGA CRT...

      3. DuncanLarge Silver badge

        Re: "dangerously outdated browser"

        I gave you an upvote but only because I think you wrote this with tongue in cheek ;)

    3. ragnar

      Re: "dangerously outdated browser"

      Isn't running an outdated browser just begging for an exploit?

      1. DuncanLarge Silver badge

        Re: "dangerously outdated browser"

        I think that was OP's point

    4. DomDF

      Re: "dangerously outdated browser"

      I'm still on 89 (I think) , the last one before the abysmal UI redesign

      1. W.S.Gosset

        Re: "dangerously outdated browser"

        It just keeps going backwards, doesn't it. Gives me the irrits.

  4. mark l 2 Silver badge

    How does Linuxmint handle the Firefox dependencies since its built off Ubuntu? As my Linuxmint install got updated to Firefox 95.0 earlier today which AFAIK is the latest release and it appears they are building their own version as the about Firefox dialog says "Mozilla Firefox for Linux Mint mint 1.0".

    1. Anonymous Coward
      Anonymous Coward

      Ubuntu is based on Debian, but it has hundreds if not thousands of updates and patches that Debian doesn't, so it doesn't have the problem with package releases.

    2. Novex

      I have the Mozilla direct version of Firefox ESR 91 installed on Mint 20.2, and it seems to be OK. I've removed the distro version of Firefox (that isn't ESR) as I don't like the updates to the browser being in the hands of anyone else.

    3. Darkk

      I am using Linux Mint on my laptop as well and my version of FF is showing v.95. However, being Mint for what it is they probably grabbed the latest version from Mozilla and compile it to make it work with with Mint.

      I will have to check my Debian 11 with KDE workstation later to see what version of FF is installed.

  5. karlkarl Silver badge

    I'll take my chances. Running an ancient Firefox in a Jail / Container is still vastly safer than running the very latest browser from upstream raw and unprotected.

    You do all run your web browsers in Jails or VMs right?

    Plus, if you truly go through the "updates" from browser manufacturers, they are pretty much bogus, fixing things like payment, location or analytics APIs which should always be turned off anyway. Much of it is fearmongering to get people onto the latest privacy destroying gimmick as soon as possible.

    1. Anonymous Coward
      Anonymous Coward

      For a while I ran FF on a container running openbox window manager and Xephyr, so the main cut buffer and the main X buffer would be isolated. When needing to send a password to the browser it would be sent in an explicit channel (implemented with an ssh tunnel because it was easy) - the main cut buffer was never exposed directly to the container.

      Another problem was, keep the container around, which I feel is less secure, or start up a new container each time. But a new container needs to be initialized, and setttings set. Time consuming.

      Unfortunately it was all ugly and slow - I got bored and gave up. It's much easier if the X buffer and cut buffer are shared directly - but then I am not sure there is a security advantage.

      What do you think? How do you do it?

      1. Anonymous Coward
        Anonymous Coward

        Firejail (https://firejail.wordpress.com/) is easy ("old aunty" grade easy) to use. Don't know how secure it is though.

      2. karlkarl Silver badge

        ZFS or an overlay filesystem to easily be able to reset the Jail.

        You can get it as easy as launching a script called jailfox rather than firefox. It takes time for an upfront config but you only need to do that once. It has served me well for many years.

      3. DuncanLarge Silver badge

        I just keep backups and dont run as root

        1. W.S.Gosset
          Devil

          coward :D

  6. CCD

    Using Mozilla's own build works for us

    We're running latest Firefox ESR with vanilla Debian 11 + LXDE, it works fine, no dependency issues. Also worked at Debian 10.

    Since 91.0 ESR, and currently with 91.4.0 ESR, just

    1. Visit https://www.mozilla.org/en-US/firefox/all/#product-desktop-esr, select Firefox Extended Support Release, Linux 64-bit, English (British) and download tar.bz2 archive,

    2. Extract to somewhere, I use /opt/mozilla/firefox,

    3. Run /opt/mozilla/firefox/firefox or wherever.

    You can also make this the default installation, without removing the Debian default package e.g.

    # update-alternatives --force --install /usr/bin/firefox firefox /usr/bin/firefox-esr 200

    # update-alternatives --install /usr/bin/firefox firefox /opt/mozilla/firefox/firefox 100

    # update-alternatives --config firefox (select /opt/mozilla/firefox/firefox)

    but if you do this you may then want to hold the default package to prevent updates overwriting the /usr/bin/firefox, symbolic link, e.g.

    # apt-mark hold firefox-esr firefox-esr-l10n-en-gb

  7. oiseau
    Facepalm

    Conservative?

    As a conservative, stable distro, Debian ...

    ... includes systemd.

    And a few other of Poettering's toys.

    If you want a conservative, stable distro you have Devuan.

    O.

    1. Paul Kinsler

      Re: If you want a conservative, stable distro you have Devuan.

      Or, perhaps, Slackware; but each to his own preference.

      1. jake Silver badge

        Re: If you want a conservative, stable distro you have Devuan.

        No perhaps. If you haven't tried Slackware for a couple decades because you think it's "hard", perhaps it's time to give it another try? It hasn't stuck around all these years because it doesn't work ...

    2. Liam Proven Silver badge

      Re: Conservative?

      [Article author here]

      Quick facetious response:

      "You might well say that. I couldn't possibly comment."

      Slightly more nuanced one:

      I do have Devuan at home myself. I rather like it. But for now, in the mainstream Linux world, systemd etc have won, for better or for worse.

      This may change. I somewhat hope it does, but mainly, I think there are far more important issues out there, in these contexts, in the Linux world, greater than that in the FOSS world in general, and greater than that, in the software world in general.

      1. jake Silver badge

        Re: Conservative?

        " But for now, in the mainstream Linux world, systemd etc have won"

        I categorically reject this comment. There is no win or loss, there is only survival in the FOSS ecosystem. I believe that the systemd-cancer will eventually be left by the wayside, perhaps becoming vestigial for a short time before it fades away completely.

        1. CRConrad

          Re: "the systemd-cancer will eventually be left by the wayside"

          We can but hope.

  8. Skiron
    1. teknopaul

      Re: Linus sums up Debian

      Gotta love Linus' turn of phrase

      N.B. 2012 was a while back

      1. Fruit and Nutcase Silver badge
        Pint

        Re: Linus sums up Debian

        He's a bit more forthright a bit earlier in the thread

        https://lkml.org/lkml/2012/7/6/495

        And a Beer for Jukka for...

        > Cc'ing Linus

        I'd be interested in an AI Linus Bot, to be able to cc on contentious technical issues and get a suitable repost

        1. W.S.Gosset

          Re: Linus sums up Debian

          Alan Cox is still active in Unix development!?! Well I did not know that.

          1. jake Silver badge

            Re: Linus sums up Debian

            Last I heard ac has retired from Linux work. He was never a UNIX developer.

            1. Anonymous Coward
              Anonymous Coward

              Re: Linus sums up Debian

              :D Hair-splitter.

              Anyhoo, I've just belatedly registered the 2012 timestamp on his included quote-header. That'll teach me to comment before my first coffee's hit.

              1. W.S.Gosset

                Re: Linus sums up Debian

                Gah. That was me. Looks like the humidity's up today -- my phone's sensitivity range extends and a lazy low finger can trigger stuff I don't notice till too late.

  9. casperghst42

    And that is why…

    I’d would never use Debian in the desktop (GUI), server yes.. desktop no. There Ubuntu would be a better choice.

    1. Nate Amsden

      Re: And that is why…

      Not sure why the down votes for you. As someone who switched exclusively to Debian in 1998(from Slackware), I switched to Ubuntu for laptop/desktop use cases in probably 2006ish time frame I don't recall the first Ubuntu version I used(mostly for the drivers). About 18 months after Ubuntu 10.04 LTS went EOL I switched to Linux Mint (MATE) to keep my Gnome 2 UI which I still use today.

      I continued to use Debian on my personal servers until Devuan came out I dist-upgraded all my systems to Devuan (never having had the pleasure of using systemd in Debian as the version I upgraded from didn't have it).

      I manually maintain my browsers in /usr/local/browser-version where I have firefox esr, seamonkey, and for a while I was running Palemoon too, until they broke all my extensions earlier this year and I switched back to firefox. I run the browsers under different user accounts for perhaps a tad more protection. I run a dedicated copy of firefox esr under a dedicated account for work webmail and atlassian products. Then I have another firefox esr in a VM connected to VPN which is mostly used for internal company services/sites.

      1. John 110
        Facepalm

        Re: And that is why…

        Pale Moon didn't break your extensions. Mozilla massively changed the extension protocol and some of the extension maintainers didn't want to support XUL and the new firefox eco system.

        Feel free to fork your favourite extension so they still work in Pale Moon though.

        Also see https://forum.palemoon.org/viewtopic.php?f=46&t=23697

        1. W.S.Gosset

          Re: And that is why…

          Actually, they did. Per your link's links:

          > The Release Notes say "Denied other types of add-ons that aren't explicitly targeting Pale Moon's ID."

          Yes, there are technical concerns (growing drift of browser from frozen extensions).

          But no, the decision to deliberately exclude those extensions was a deliberate decision to exclude those extensions.

          Per those links, the development work to make them compatible is to change a string tag to say Pale Moon. The actual code's still fine. This sort of thing makes my blood boil.

          1. John 110

            Re: And that is why…

            "Per those links, the development work to make them compatible is to change a string tag to say Pale Moon."

            So that means it's up to the maintainer of the extension to change the target, not the developers of the browser (who have other things to do)

            1. W.S.Gosset

              Re: And that is why…

              Who said anything about the browser-coders working on the extensions? They _broke_ them, requiring _other people_ to add special treatment for their browser.

              Tough shit if the extension is currently or permanently without an owner/maintainer. Tough shit if the owner just threw it out there as useful but doesn't consider it a life commitment. Tough shit if the owner has more than enough on his plate thankyouverymuch, doing actual real genuine semantically meaningful stuff (or having a life) rather than frigging around arranging special duplicate binaries for one particular tiny fork-of-standard. So only the larger active team-built extensions are likely to not die. And for those extension-developers who might consider it, there's still the future to think of and the signalling-of-contempt-for-users+developers which PaleMoon's developers made very very loudly, explicitly, and pointedly. I know for my part, if some developers threw a narcissistic flounce like this, at my+theusers' expense, in something I had developed, I would just write off that target as untrustworthy/a bad target to devote any more time to -- been burnt every single time this attitude has shown itself. Game over for the users.

              And all completely unnecessary, voluntary, and actually more work by the PMdevs to stuff up users+devs than to simply warn that old extensions might in future start to fail or break. "On your own head be it." vs "Do what we tell you right now or fuck off." And they actually documented that themselves in their own release notes.

  10. yetanotheraoc Silver badge

    $ sudo apt-get remove

    "This is because other pre-installed programs require a browser to be present."

    Hmm, is there a list of these to-be-avoided programs somewhere?

    1. Liam Proven Silver badge

      Re: $ sudo apt-get remove

      LibreOffice is the big one.

    2. Anonymous Coward
      Anonymous Coward

      Re: $ sudo apt-get remove

      "Hmm, is there a list of these to-be-avoided programs somewhere?"

      It is annoying for an arbitrary program to require a web browser, but look at it this way: if you have an incidental or occasional need to display web content from a program, would you prefer they delegate to a web browser, or would you prefer they create their own half-baked browser?

      That being said

      1) too much is done via web (ex: help files. Ok, point me to a web site for more info, but keep the key stuff local)

      2) make the browser a recommended add-on, not a required add-on.

  11. John Brown (no body) Silver badge

    Mozilla's four-weekly release cycle

    That does seem a tad too frequent for what is, for many people, the most used program on their systems. Are there really that many and that frequent bug fixes? Or are they releasing a new version every 4 weeks just because that's the target they have set themselves?

    1. DuncanLarge Silver badge

      Re: Mozilla's four-weekly release cycle

      > That does seem a tad too frequent

      You'd be surprised. Its a dangerous fast moving world out there keeping up with security vulns is a nightmare, and thats only for the ones that are known about.

  12. BenDwire Silver badge
    Linux

    Eh?

    Debian Testing on the desktop running here, with FF 95.0

    No problems observed at all, so I'm not sure if I've missed something?

    Admittedly I've given up on Gnome and have decided to use KDE Plasma for other reasons (NoteCasePro) but all is well in my world.

    1. Anonymous Coward
      Anonymous Coward

      Re: Eh?

      "The problem is that Firefox 91, the current ESR version, includes several dependencies that the current stable version of Debian – 11.1 "Bullseye" ­– can't fulfill,"

      FF 91 ESR is the problem one. FF 95 non ESR shouldn't cause a problem.

  13. This post has been deleted by its author

  14. davcefai
    Boffin

    I may be missing something but this looks remarkably like a storm in a teacup. I run Devuan unstable. While agreeing that it is usually best to use the distro's packaged software. However "rules" are only there to be broken. In my case I believe that Firefox is best installed from mozilla.org.

    The process is incredibly complicated:

    1. From Help - About Firefox see if there are updates.

    2. If yes, download, in my case, to /opt/downloads/firefox

    3. Unpack the files to (in most cases) /usr/local.

    4. Umm...Er..There is no 4!

    Firefox ESR tends to fail at critical moments. I used to use it on my wife and grandson's PCs but frankly it's more trouble than it saves.

    1. DuncanLarge Silver badge

      How the heck did you get yours to not auto install the update?

      What is this /opt/downloads nonsense?

      Oh, you are making it up.

  15. amacater

    Firefox and Debian ...

    So: Part of the problem is FF building requiring Rust - and thus effectively a new toolchain per distro per release - stable, oldstable, oldoldstable, potentially.

    That also extends to building FF on non-Intel 32/64 bit versions but also all the other architectures that Debian supports. It's in hand: it will be done soonest.

    There's a long thread in the debian-user mailing list at the moment: perhaps the most germane comment is https://lists.debian.org/debian-user/2021/12/msg00344.html from Roberto C. Sanchez.

    Folk who have solved this by updating to FF95 themselves are finding issues with having to back up and restore profiles as new FF does things slightly differently.

    As Roberto says, Ubuntu can afford to do things differently, not least because thy only have two primary architectures to worry about. There's also been a long comment thread on Phoronix which largely degenerated to general Debian bashing. Every distro has a trade off: the trade off of knowledgeable developers and the Firefox release cycle might be to push Firefox out eventually. It's actually very similar problems with chromium cross-distro when you dig into it. It will be a problem if we don't have distribution maintainers around for whoever are sorting out FF builds on a regular basis. [Full disclosure: I'm a Debian developer and help reply to questions on Debian-user but other than wanting a decent web browser, I've no great desire to participate in blame wars here.]

  16. Ilgaz

    No Flatpak ESR?

    I wonder if ESR version of Firefox would solve this drama from Mozilla side...

  17. DuncanLarge Silver badge

    What is all the fuss

    What is all this nonsense about Flatpack and GNOME etc?

    Just go and download the Firefox ESR tarball of Mozilla.org (click the big download button) and extract it.

    Extract it into your $home or for the whole system on /opt.

    Point your shortcuts/icons whatever to use that version.

    Run it.

    Works fine on Debian 10.

    Updates itself!

    If you install into /opt then as Firefox runs as non-root it will tell you there is an update it cant install, thus run it as root and it updates.

    Its just a tarball, the simplest installation method ever. Everything works out of the box.

  18. Robert Carnegie Silver badge

    Anyone boasting here about the old insecure software you still use... is making a mistake.

    jshell.open("sh.exe youllregretthis") is what I'm saying. :-)

  19. bazza Silver badge

    Fundamental incompatibility in aims

    Debian is slow, studied and conservative in how it evolves. The Web isn't, not by a long way. If such an OS's desktop is going to require a Web browser in order to work, things are going to go wrong...

    Debian should stop supporting a desktop environment that requires a Web browser.

    I admit that I'm missing an opportunity for bashing Poettering, so I'll throw in "for goodness sake LP/RedHat, stop relying on Web tech in Gnome, what do you think you're doing?" for free. Next thing we'll know is that Gnome gets built on Electron....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like