LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

firefox: policy bypass

firefox: policy bypass

Posted Nov 20, 2008 23:26 UTC (Thu) by jspaleta (subscriber, #50639)
In reply to: firefox: policy bypass by nix
Parent article: firefox: policy bypass

This is only going to get better if we all make an effort to be explicit about where things stands. That way you know exactly which upstream project you should be talking to about reducing their dependence on unstable API bits. Maybe its the upstream apps could self-restrict to the stable API in some cases, maybe they can't.

The instability of gecko libraries has been a historic problem for distributors. The fact that external applications were built against it when its treated as an internal firefox API for so long is really unfortunate. But we are where we are, and it is what it is. We can't snap our fingers and force gecko-libs to be stable if the upstream work on the libraries isn't making API stability a priority. And we can't force application developers to only use the stable API.

A system wide xulrunner is better than having apps ship their on copies of the libraries, and trying to keep up with vulnerabilities across multiple copies and revisions of the same code scattered through many applications.

The question remains... who out there is trying to be explicit about the relationship between the stability of gecko-libs API and applications? Fedora is and we take our lumps for it by having people misinterpret the reason why so many apps get rebuilt when an xulrunner update goes out the door.

Which of the other distributors are making that effort to be as explicit and attempting to ensure that the unstable API doesn't cause an application runtime problem on xulrunner update? Which of the other distributors are even aware that there is a stable and unstable segment to the gecko libs API? I don't know. If you are using another linux distribution, it is your best interest to understand how your distributor handles this. Do you know how to tell which apps in the distribution you use use the unstable gecko API? Do they get rebuilt when xulrunner is updated? Ask the maintainers of firefox and xulrunner and apps which depend on libraries from either how they address the issue of gecko lib API instability as it relates to updates. The email url reference I gave previously is probably best reference I know that you can have your distribution's maintainer look at and comment on.

-jef

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds