by moron4hire 3779 days ago
I don't understand why Debian has anything to do with Firefox. Why does the operating system have any say on what applications get released and how often? Isn't this the whole point of using free, open source software? To be able to choose your own components? Why do we need Debian bundling Firefox?
6 comments

Debian user and Mozilla employee who uses Iceweasel here. I work on Rust, not Firefox though.

> Why does the operating system have any say on what applications get released and how often?
This has to do with the interaction between the original authors and the distribution itself. Let's go through an example:

1. I, Steve, write some bit of software, libfoo, and host it on my GitHub page.

2. Debian users would like to use libfoo. They have two options at this point: download and build libfoo from me, or get it from Debian's package repository.

3. In order to be put into Debian's repository, a suitable package needs to be created. What exactly that means depends on the package itself, but sometimes it's about things like "which paths are searched by default". Anything that integrates with the overall system. So someone, probably not even me, would need to say "I'm going to maintain a package for libfoo in Debian." They are responsible for taking from "upstream", my GitHub page, and producing a .deb for inclusion in Debian's repositories. This may involve modifying libfoo in some ways. It depends.

At any time, a user of Debian can choose: Do I get libfoo from Steve's GitHub, or do I get libfoo from apt? The reason that you might choose the latter is because Debian knows Debian better than I do. (Well, I said I use Debian above, but this works across distros, basically. I have no clue what Fedora's norms are, for example.) The package from Debian's repositories will be better integrated into the system, and will be tested for compatibility with other packages. Part of this is due to the release cycle of Debian itself; and this is what's being discussed here. It's not about when Firefox is released, it's about when the Debian package for Firefox is released. And what version of that package corresponds to which upstream version?

So! Back to this bug. Due to some... history between Mozilla and Debian, Debian's package for Firefox couldn't be called "Firefox." So it was rebranded to "Iceweasel." This bug is about re-synching the names, and having the Debian-provided package produce "Firefox" again.

Does that make sense?

Yep. Thanks for this. Painted a great pic in my mind about the issue/process here.
Great, glad to help.
I understand what you are saying, but it doesn't make sense. It sounds like a really bad way to do software development.
It's fundamentally about decoupling. As the author of libfoo, I cannot keep up with all of the different Linux distros and how they do their thing. So you decouple the process by having two layers of maintainer; the upstream maintainer and the package maintainer. And I can't then also test my package with every other package on every other distro.

It has problems like anything else does, but it's pretty effective overall.

What specifically do you find bad about it?

What's the alternative? If you try installing random stuff you'll get dependency hell. Another extreme is self-contained software, where each application bundles its own dependencies. Android does that more or less. But such an approach causes major bloat and also increases security risks because you need to patch each application and its dependencies (which are duplicated in multiple variants) once vulnerabilities are discovered.

Any better ideas than these two?

The bloat from self-contained software really isn't that much. It doesn't cause a space problem even on the small amount of space on an Android device.
It depends on how many dependencies we are talking about. And more than bloat, security issues are critical.
Package Managers. In Debian the package manager (and repositories) is the app store.
This is, to me, a point against package managers. Little Windows universe secret: Installers aren't that bad.
After using apt-get for everything, going back to manually finding an (untrusted) executable, running it, hitting a bunch of next buttons -- seems insane.

It is quite bad. External dependencies are also nearly impractical this way, so all installers tend to embed their universe of dependencies, making for an even worse experience.

After simply using installers in Windows, dealing with conflicting package and library dependencies seems insane. I've been unable to use multiple applications on Linux because of this issue whereas that would never happen on Windows where installers just have what they need without getting in each other's business.
So, I had to clean some viruses off a Windows 7 machine for a friend recently. I had to grab about six different bits of anti-malware software to do so. Some of that software came from famous vendors' sites where the downloaded software wasn't even protected by https. No real way to externally validate the item I was about to install on a system which is already known to be compromised.

Some of the installers tried to install bundled crapware - which is frequent in the Windows world, and you have to watch out for it with every installer.

I hadn't done any real work on Windows for so long that I'd forgotten the whole "is this even safe to download?" problem that Windows has with its applications.

Are you sure Microsoft's antivirus wasn't enough?
> installers just have what they need

Have you ever tried writing a Windows installer?

What exactly is your point? Applications bundling their dependencies is the norm on all mass-market desktop and mobile platforms. So commercial developers of packaged software are used to it. Such developers even tend to bundle dependencies when targeting Linux, if they want to be distro-agnostic. In this respect, developers of open-source software are spoiled, because they can delegate dependency handling to the distro or, in many cases, the user.
Yes, several. Have you?
Untrusted by whom? It's the same vendor whether it comes from their site or the package repository.

And maybe people include way too many dependencies in their projects if it's too much to manage manually. Also, installers are perfectly capable of managing dependencies.

> It's the same vendor whether it comes from their site or the package repository.

Prove it.

The package manager allows you to cryptographically verify the binary was inspected by somebody you trust (the package maintainers). While Windows has added code-signing/verification capabilities, many installers are unsigned, and those which are signed don't have a useful trust anchor.

Prove the repository maintainer doesn't blanket approve things because they are overwhelmed.
> Installers aren't that bad

Nothing stops you from getting Firefox on Debian the "Windows" way.

Tried it, couldn't get it to work. This was Raspbian, though.
As far as I can tell, Mozilla doesn't provide official Firefox builds for any ARM Linux device.

The official Linux x86_64 build for version 44.0.2 is here:

https://ftp.mozilla.org/pub/firefox/releases/44.0.2/linux-x8...

I don't know who uses those builds, though. We can be sure that the year of Linux on the desktop will never arrive if we expect end-users to unpack tarballs.

Edit: To make that last part a little more constructive, perhaps this will help with distro-agnostic packaging of official Linux builds of Firefox and other applications: https://wiki.gnome.org/Projects/SandboxedApps

Did you try to download the x86 build? If so, it's your fault. If they don't provide an arm build, or if you got the arm build, it's Mozilla's fault, not Debian's.
My contact details are in my profile - I'm happy to help you get this working if you're still interested. It can be hard to find correct instructions for things like manual installs, especially when distros like Raspbian can be slightly different from their upstream sources.
1. Unpack.

2. Run.

There's no such thing as downloading a random installer from a random website, and then running it with administrative privileges!
The point of a distribution is to provide a complete, working system. It's not just a collection of independent components, it's curated such that the whole is coherent.
So the shit MS got blasted for: bundling IE with Windows.
2 things: you have to manually install a Web browser. Under Debian, it is equally as easy to install Firefox as it is to install chromium and other competing browsers (no lock-in), and the big one: you are not compelled to pay for Debian like you are for Windows.
Not even remotely comparable. Firefox is not a product of Debian, and Debian is not nor ever has been in a "monopoly" position with respect to any market.
I think you know as well as everyone else that that's not the same thing. MS did not provide an option to uninstall IE, where Debian literally has dozens of FF alternatives at your fingertips.
Doesn't matter, Debian hasn't a monopoly.
MS didn't get blasted for the how, they got blasted for the why.
> Why does the operating system have any say on what applications get released and how often?

Because it's a curated experience. But Debian (or any distro) doesn't force you to use their versions. You're quite able to install your own on your free, open source software. Find your own repositories, set up your own repositories, manually install downloaded packages, configure/make/make-install your own software... Debian not only doesn't stop you from doing this, but is built around letting you do this (as are all major distros).

You're not forced to use a repository at all.

Debian isn't an operating system. Linux is an operating system and is a small part of the Debian distribution.
> Debian isn't an operating system. Linux is an operating system and is a small part of the Debian distribution.

No. Debian GNU/Linux is an operating system (specifically a variant of GNU/Linux). Linux is a kernel, not an operating system (I think only Linus tries to claim that a kernel is all that makes an operating system -- but I'd require at least libc and POSIX coreutils before you can begin to call something an operating system).

You don't need to use the package manager. Users who want to use it will use it.