Mozilla proposes 5X slower Firefox release tempo for enterprises
ESR channel would ship a new version every 30 weeks, support with interim security updates
Computerworld - Mozilla has proposed a significantly slower Firefox release pace for enterprises, the result of a corporate backlash earlier this year against an accelerated scheme that ships a new edition of the browser every six weeks.
If the proposal is adopted, Mozilla will deliver a new version of Firefox to enterprises every 30 weeks, five times slower than to consumers. During each 30-week stretch, Mozilla would issue only security updates for the browser. In addition, each enterprise edition would be supported for an additional 12 weeks after the release of its successor, assuring companies 42 weeks of support for each version.
Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.
"These proposed releases would provide organizations with additional time to certify and deploy new versions of Firefox while mitigating some of the security risks of staying on an older release," said Kev Needham, Mozilla's channel manager, in a post to mozilla.dev.planning discussion forum.
The interim security updates would be limited to patches for vulnerabilities rated "critical" or "high," the two most-serious rankings in Mozilla's threat scoring system. What Mozilla calls "chem spills" -- emergency fixes labeled "out-of-band" by other vendors such as Microsoft and Adobe -- would also be included in the updates between each 30-week release.
Mozilla is calling the new release concept "Extended Support Release," or ESR. If the proposal is approved, ESR would kick off with either Firefox 8, now slated for delivery Nov. 8, or Firefox 9, which is planned to ship Dec. 20.
If ESR begins with Firefox 8, adopters would not receive a new version of the browser until Mozilla ships Firefox 13 on June 5, 2012.
"I think the proposal addresses most of the concerns of enterprises," said Mike Kaply, a consultant who specializes in writing Firefox add-ons and in customizing the browser for corporate clients.
Kaply was one of the critics who last June blasted Mozilla's rapid release schedule, saying that the six-week scheme was unworkable for enterprises because it did not give them enough time to test each update. Kaply and others raised additional issues, including Mozilla's decision not to support older editions with security updates, forcing companies to choose between running an untested browser or one that had known vulnerabilities.
Mozilla took heat over the six-week schedule, in part because Asa Dotzler, a director of Firefox, said that enterprise "has never been (and I'll argue, shouldn't be) a focus of ours," and dismissed corporate users as "a drop in the bucket."
Rival browser maker Microsoft inserted itself into the controversy to pitch its Internet Explorer (IE) browser as better suited to enterprise needs.
Mozilla's reaction to the backlash was to form a working group to look at ways to keep enterprise users happy. The ESR proposal came out of that group.
Kaply, who monitored the enterprise working group mailing list -- which Mozilla declined to make accessible to the media -- said that the proposal was largely an internal production. He acknowledged that much of the feedback he provided was integrated into the proposal, however.
Kaply was cautiously optimistic about the ESR plan. "I think this will go a long way to show that Mozilla cares about enterprise," he said. "Forty-two weeks is a nice chunk of time to move from one version to another."
But he hesitated to claim victory for enterprises until Mozilla actually committed to ESR and showed it was serious about supporting corporate users. "They made it clear that this is a proposal, said Kaply. "I've seen proposals from them before. I'm excited about this, but I'll believe it the day they roll it out."
In the proposal, Mozilla spelled out several caveats and risks, including its prediction that ESR "will be less secure than the regular release of Firefox" because new functionality and lower-level patches will not be added to the enterprise channel as fast as the one for consumers.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Chrome users won't give up, keep pressing Google to restore old-style new tab page
- Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
- Firefox's UI face-lift on track for April debut
- Ex-Mozilla engineer blames Microsoft's rules for Metro Firefox's death
- Mozilla patches 20 Firefox flaws, plugs Pwn2Own holes
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Desktop Apps White Papers | Webcasts