Package: iceweasel Version: 3.5.13-1 Severity: important Justification: major user-facing component of a system is unusably outdated (missing OFFICIAL support, of security updates etc.)
Keywords: Firefox Iceweasel 3.5 outdated unsupported deprecated For about 3 weeks now already, bw-bank.de has been actively blocking online banking access for Firefox versions <= 3.5.x. The problem is that I'm online with a Debian system as updated as can be (Debian stable base, security, even plus backports). The version that it offers is 3.5.12-2~bpo50+1 . I know the history of why 3.5.x has been decided to remain in Debian (issues with updating of XUL dependencies, as explained in http://bugs.debian.org/591500 ). Mozilla is said to have ceased support for 3.5.x in August 2010 already (see http://de.wikipedia.org/wiki/Mozilla_Firefox ). (the IDIOTIC Mozilla source versioning development has been bitterly and thoroughly complained about in an online article a couple months ago which I cannot locate any more currently, which pinpointed EXACTLY the major issues that distro people would face once security update support was very prematurely closed down). Probably the decision-making at that bank is a sort of reptile-minded "is it a vendor-supported version?". This probably explains why even internet browser ZOMBIE IE6 is still supported (Secunia statistics of IE8 vs. FF 3.5 vs. IE6 are eye-opening). So, who is to take the blame? I'd say it's Mozilla by far. And then we have a very much overly eager deprecation by the bank (blocked a mere month after official support ended, for a browser version which got introduced on June 30th 2009 only). But a large share of the problem lies on Debian as well, since NOT EVEN UNSTABLE has a less-than-historic Firefox version (http://packages.debian.org/search?keywords=iceweasel ). And even Backports doesn't help either (one needs to go to experimental to even get a glimpse of 3.6.x!). Note that an analysis of distrowatch.com package versions shows that usually the second-last release version of distros (MEPIS, MINT, openSUSE, Mandriva, Fedora) already progressed towards 3.6.x, EXCEPT for Debian. Even the rabidly conservative RHEL5.5 (which I have to work with most of the time) is now at Firefox 3.6.x (.8, IIRC). Hence this IMHO critical bug report. We're talking of a major system component (some users are spending > 90% of their time with browser use) which is starting to be unusably outdated, and even the most conservative other distros have updated their packages. IMHO this should serve as a wakeup call. Now, which direction to go to? Probably Backports would be the best place to act on this. Thanks, Andreas Mohr -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
