Mozilla proposes 5X slower Firefox release tempo for enterprises
ESR channel would ship a new version every 30 weeks, support with interim security updates
Computerworld - Mozilla has proposed a significantly slower Firefox release pace for enterprises, the result of a corporate backlash earlier this year against an accelerated scheme that ships a new edition of the browser every six weeks.
If the proposal is adopted, Mozilla will deliver a new version of Firefox to enterprises every 30 weeks, five times slower than to consumers. During each 30-week stretch, Mozilla would issue only security updates for the browser. In addition, each enterprise edition would be supported for an additional 12 weeks after the release of its successor, assuring companies 42 weeks of support for each version.
Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.
"These proposed releases would provide organizations with additional time to certify and deploy new versions of Firefox while mitigating some of the security risks of staying on an older release," said Kev Needham, Mozilla's channel manager, in a post to mozilla.dev.planning discussion forum.
The interim security updates would be limited to patches for vulnerabilities rated "critical" or "high," the two most-serious rankings in Mozilla's threat scoring system. What Mozilla calls "chem spills" -- emergency fixes labeled "out-of-band" by other vendors such as Microsoft and Adobe -- would also be included in the updates between each 30-week release.
Mozilla is calling the new release concept "Extended Support Release," or ESR. If the proposal is approved, ESR would kick off with either Firefox 8, now slated for delivery Nov. 8, or Firefox 9, which is planned to ship Dec. 20.
If ESR begins with Firefox 8, adopters would not receive a new version of the browser until Mozilla ships Firefox 13 on June 5, 2012.
"I think the proposal addresses most of the concerns of enterprises," said Mike Kaply, a consultant who specializes in writing Firefox add-ons and in customizing the browser for corporate clients.
Kaply was one of the critics who last June blasted Mozilla's rapid release schedule, saying that the six-week scheme was unworkable for enterprises because it did not give them enough time to test each update. Kaply and others raised additional issues, including Mozilla's decision not to support older editions with security updates, forcing companies to choose between running an untested browser or one that had known vulnerabilities.
Mozilla took heat over the six-week schedule, in part because Asa Dotzler, a director of Firefox, said that enterprise "has never been (and I'll argue, shouldn't be) a focus of ours," and dismissed corporate users as "a drop in the bucket."
Rival browser maker Microsoft inserted itself into the controversy to pitch its Internet Explorer (IE) browser as better suited to enterprise needs.
Mozilla's reaction to the backlash was to form a working group to look at ways to keep enterprise users happy. The ESR proposal came out of that group.
Kaply, who monitored the enterprise working group mailing list -- which Mozilla declined to make accessible to the media -- said that the proposal was largely an internal production. He acknowledged that much of the feedback he provided was integrated into the proposal, however.
Kaply was cautiously optimistic about the ESR plan. "I think this will go a long way to show that Mozilla cares about enterprise," he said. "Forty-two weeks is a nice chunk of time to move from one version to another."
But he hesitated to claim victory for enterprises until Mozilla actually committed to ESR and showed it was serious about supporting corporate users. "They made it clear that this is a proposal, said Kaply. "I've seen proposals from them before. I'm excited about this, but I'll believe it the day they roll it out."
In the proposal, Mozilla spelled out several caveats and risks, including its prediction that ESR "will be less secure than the regular release of Firefox" because new functionality and lower-level patches will not be added to the enterprise channel as fast as the one for consumers.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- 10GbE in the Data Center Improvements in 10GbE technology, lower pricing, and improved performance make 10GbE for the mid-market a viable and cost-effective strategy. This white paper discusses...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Desktop Apps White Papers | Webcasts