Zonker doesn't like Iceweasel

Story: Alternative Browsers: Beyond Chrome and FirefoxTotal Replies: 13
Author Content
Steven_Rosenber

Feb 12, 2010
2:09 AM EDT
Quoting:I’d be remiss not to mention Iceweasel, though I don’t really recommend it over Firefox. Apart from the clever name, Iceweasel doesn’t have a lot to recommend it. It’s a re-branded Firefox that was created to solve some trademark issues that Debian was having with the Mozilla Foundation. It’s mostly Firefox, but may includes some patches that haven’t been approved by Mozilla and anything that doesn’t match the Debian Free Software Guidelines removed.


Why does he mention Iceweasel? You can tell he either hasn't run Debian ever, or in a very, very long time. (And why would he, being a SUSE employee until very recently?)

I didn't buy his reasoning. I'd rather have the Debian Security Team looking at the patches than Mozilla ... and as far as DFSG, I wish he'd be more specific. Is it codecs? Flash?
dinotrac

Feb 12, 2010
8:08 AM EDT
I'm sorry, Steve, but I'm with the author on this one.

I can tolerate a lot of things, but insist on keeping frozen lawyers out of my browsing experience.
jdixon

Feb 12, 2010
12:22 PM EDT
> ...but insist on keeping frozen lawyers out of my browsing experience.

Wouldn't that be an icedweasel rather than an iceweasel?
hkwint

Feb 12, 2010
12:49 PM EDT
I can't agree either, I rather don't have Debian 'taking care of my security' because after their OpenSSL failure I cannot trust them. Don't have to, as I don't run Debian anyway.
Steven_Rosenber

Feb 12, 2010
4:12 PM EDT
I agree that the OpenSSL debacle doesn't look good. I'd like to see the discovery of the flaw as somewhat of a wakeup call.

I guess if Zonker has said that he prefers packages built directly from the upstream source, then I'd understand.

So SUSE doesn't look at the Firefox patches before they build it? I wonder.

I'm not so sure Zonker is talking about security, although I did jump to that conclusion.

He writes, "some patches that haven't been approved by Mozilla."

So other distros are either not patching FF at all, or there's some kind of approval process at Mozilla that examines downstream patches and approves them or not. (Sounds like the iPhone app store.)

In the case of Debian Lenny, Icweasel/FF is still 3.0.x, and I don't think Mozilla is patching that branch at all. Thus distros that still use 3.0.x have to backport patches from 3.5.x for their 3.0.x builds. At least I think that's what's going on.

Regarding Debian developers who kill security on upstream projects, I'm no happier about that than any of you are. I just hope everybody "learned someting," namely not to break what ain't broken.
ComputerBob

Feb 12, 2010
4:49 PM EDT
Quoting:Regarding Debian developers who kill security on upstream projects, I'm no happier about that than any of you are. I just hope everybody "learned someting," namely not to break what ain't broken.
LOL

I wonder if maybe the reason that that lesson appears to be flying over the heads of so many developers these days -- and I'm not pointing fingers at anyone in particular, but you can probably guess -- is because they are working under the co-delusion that things are "broken" and that they are doing everyone a favor by "fixing" them.
Scott_Ruecker

Feb 14, 2010
3:46 PM EDT
I have to agree with Joe on Iceweasel. I had to use it when I was running Debian a while back..what a joke..

When you are so uppity about your license that you have to gut a perfectly good browser just to make yourself feel better and purposely make it so no one wants to use it.

And no, I don't care about the particulars of why they had to do it and why it is so effing important in maintaining the purity of the Debian project either. Iceweasel sucks on purpose and the Debian devs know it.

Sander_Marechal

Feb 18, 2010
9:02 AM EDT
I have to disagree with most of you here. A couple of things:

Don't look at the version number for IceWeasel. That's just the shell. The chrome of the browser. The "engine" is in the xulrunner package. If you're going to compare version numbers, compare Debian xulrunner against Mozilla's Xulrunner or Gecko.

Debian needs to maintain Iceweasel/Xulrunnner for much longer than Mozilla maintains Firefox/Gecko. Which is one of the reasons for the split.

Mozilla doesn't like some of the patches that Debian has made. One such patch is removing the auto-update feature from Iceweasel. Which is perfectly fine since Iceweasel/Xulrunner updates come from Debian's automatic update feature.

Otherwise Iceweasel matches Firefox pretty well. This shows because virtually all Firefox plugins work on Iceweasel with no change.

And finally, about the OpenSSL problem: Funny how people always forget that the OpenSSL guys approved of the patch. Debian sent the patch upstream for approval. The OpenSSL people didn't apply it themselves upstream (all it did was remove some Valgrind warnings) but they saw no problems with it. Security- or otherwise.
bigg

Feb 18, 2010
9:39 AM EDT
> Otherwise Iceweasel matches Firefox pretty well.

In terms of speed? When I was running Debian, Iceweasel was much slower. I'd always download Firefox from Mozilla. Maybe it's changed now.

> the OpenSSL guys approved of the patch

As I recall, nobody told the Debian packager to not do it, I don't think anyone from the project actually looked at what he was proposing and said "this will not cause any problems". He posted a message and nobody said it would be a problem. IMO he violated a critical rule: never change anything unless (a) you know what you're doing and understand the consequences, or (b) it doesn't work otherwise. I have a strong preference for the Slackware approach of plain vanilla.
ComputerBob

Feb 18, 2010
8:52 PM EDT
I'm currently running Debian Squeeze on this system with Iceweasel 3.5.6.

My other two systems are running Debian Squeeze with Firefox 3.6.

Both Iceweasel and Firefox were deathly slow OOTB, but after I disabled ipv6 in about:config, they both got way, way faster. (BTW, I also always disable ipv6 in Thunderbird/Icedove as well as globally on all of my systems -- it makes a difference when doing updates, FTP, etc.)

I don't notice any speed difference at all between FF3.6 and IW3.5.6.
Steven_Rosenber

Feb 18, 2010
9:18 PM EDT
Thanks for the tip, ComputerBob. I don't even have to confess: I know little about ipv6 other than that it will seemingly never be in general use.

Re: OpenSSL, that is a bit disturbing.

Hans, you've helped me before with Iceweasel vs. Firefox version numbers, and I'm glad to see you doing so again.

Now that I'm in GNOME, whenever possible I run the Epiphany browser, which way faster than Firefox/Iceweasel. And this is the Gecko version (in Debian Lenny). I have used the Webkit version when I was still running Ubuntu, and that's probably quite a bit better. I suppose Squeeze has the Webkit Epiphany, but as I've said many a time, I'm not leaping off of Lenny unless I have some kind of major problem before Squeeze goes Stable and has a little time to settle in.

I'm happy to be back in Debian (which I left when I first had Xorg problems that would later repeat themselves in just about everything), but had I stuck with Ubuntu 8.04 LTS for maybe another month, my main issues would've been fixed and I could still be running it today ... still am on my daughter's Gateway Solo 1450 laptop, where Hardy remains a great system.

I'm also running Icedove/Thunderbird with Iceowl/Lightning, and that has been performing quite well.
krisum

Feb 19, 2010
2:47 AM EDT
Sander is right about the version numbers of iceweasel: its the version of xulrunner that matters and Debian maintains packages far beyond upstream in many cases. OpenSSL was one instance where Debian really goofed up, though. I have always been a little skeptical about the huge number of patches debian ships for Xorg, for example, and increasing in every release rather than getting those integrated into upstream. Some of those were understandable being Debian specific changes but many others are supposed to be bugfixes for issues reported in Debian BTS so those should be going upstream asap but that does not always happen with Debian (I have not been tracking this for sometime so things may have changed for better recently).

Quoting: Funny how people always forget that the OpenSSL guys approved of the patch. Debian sent the patch upstream for approval. The OpenSSL people didn't apply it themselves upstream (all it did was remove some Valgrind warnings) but they saw no problems with it. Security- or otherwise.
I do not see how an opinion for a patch on mailing list from one of the list members can be construed as an approval by any stretch of imagination. An approval can only be assumed if OpenSSL devs would have reviewed and applied the patch upstream -- in fact the patch was never proposed for inclusion in upstream rather only discussed on mailing list. Most developers did not comment on it while one of them asked to build with "-DPURIFY" to get rid of valgrind warnings (http://marc.info/?l=openssl-dev&m=114654760312453&w=2). Its hard to understand how a Debian maintainer can assume some code to be redundant when he himself admitted that: "But I have no idea what effect this really has on the RNG".
Sander_Marechal

Feb 19, 2010
7:47 AM EDT
Quoting:I do not see how an opinion for a patch on mailing list from one of the list members can be construed as an approval by any stretch of imagination.


Not just list members. Members of the development team.

http://marc.info/?l=openssl-dev&m=114652287210110&w=2 http://www.openssl.org/about/
krisum

Feb 20, 2010
2:07 PM EDT
> Not just list members. Members of the development team.

Yes, but as you can see it was an opinion, not a review or approval which is an entirely different thing. In fact he goes on to say that valgrind reports thousands of bogus errors. A reviewal will typically involve submitting the patch, comments from whoever is managing those portions of the code and then applying it in the repository. Notice the DD's comment "But I have no idea what effect this really has on the RNG" and still going ahead with the change.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!