Mozilla proposes 5X slower Firefox release tempo for enterprises
ESR channel would ship a new version every 30 weeks, support with interim security updates
Computerworld - Mozilla has proposed a significantly slower Firefox release pace for enterprises, the result of a corporate backlash earlier this year against an accelerated scheme that ships a new edition of the browser every six weeks.
If the proposal is adopted, Mozilla will deliver a new version of Firefox to enterprises every 30 weeks, five times slower than to consumers. During each 30-week stretch, Mozilla would issue only security updates for the browser. In addition, each enterprise edition would be supported for an additional 12 weeks after the release of its successor, assuring companies 42 weeks of support for each version.
Mozilla now discontinues security support for a specific version of Firefox as soon as the next in line appears.
"These proposed releases would provide organizations with additional time to certify and deploy new versions of Firefox while mitigating some of the security risks of staying on an older release," said Kev Needham, Mozilla's channel manager, in a post to mozilla.dev.planning discussion forum.
The interim security updates would be limited to patches for vulnerabilities rated "critical" or "high," the two most-serious rankings in Mozilla's threat scoring system. What Mozilla calls "chem spills" -- emergency fixes labeled "out-of-band" by other vendors such as Microsoft and Adobe -- would also be included in the updates between each 30-week release.
Mozilla is calling the new release concept "Extended Support Release," or ESR. If the proposal is approved, ESR would kick off with either Firefox 8, now slated for delivery Nov. 8, or Firefox 9, which is planned to ship Dec. 20.
If ESR begins with Firefox 8, adopters would not receive a new version of the browser until Mozilla ships Firefox 13 on June 5, 2012.
"I think the proposal addresses most of the concerns of enterprises," said Mike Kaply, a consultant who specializes in writing Firefox add-ons and in customizing the browser for corporate clients.
Kaply was one of the critics who last June blasted Mozilla's rapid release schedule, saying that the six-week scheme was unworkable for enterprises because it did not give them enough time to test each update. Kaply and others raised additional issues, including Mozilla's decision not to support older editions with security updates, forcing companies to choose between running an untested browser or one that had known vulnerabilities.
Mozilla took heat over the six-week schedule, in part because Asa Dotzler, a director of Firefox, said that enterprise "has never been (and I'll argue, shouldn't be) a focus of ours," and dismissed corporate users as "a drop in the bucket."
Rival browser maker Microsoft inserted itself into the controversy to pitch its Internet Explorer (IE) browser as better suited to enterprise needs.
Mozilla's reaction to the backlash was to form a working group to look at ways to keep enterprise users happy. The ESR proposal came out of that group.
Kaply, who monitored the enterprise working group mailing list -- which Mozilla declined to make accessible to the media -- said that the proposal was largely an internal production. He acknowledged that much of the feedback he provided was integrated into the proposal, however.
Kaply was cautiously optimistic about the ESR plan. "I think this will go a long way to show that Mozilla cares about enterprise," he said. "Forty-two weeks is a nice chunk of time to move from one version to another."
But he hesitated to claim victory for enterprises until Mozilla actually committed to ESR and showed it was serious about supporting corporate users. "They made it clear that this is a proposal, said Kaply. "I've seen proposals from them before. I'm excited about this, but I'll believe it the day they roll it out."
In the proposal, Mozilla spelled out several caveats and risks, including its prediction that ESR "will be less secure than the regular release of Firefox" because new functionality and lower-level patches will not be added to the enterprise channel as fast as the one for consumers.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Simple Solution, Big Capability Meet growing employee and business demands by connecting up to 1,000 users with powerful collaboration capabilities with a single, integrated platform -- Cisco...
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics...
- Cloud BI Overview: Jaspersoft for AWS Check out this overview of Jaspersoft for AWS, to easily and affordably build business intelligence solutions as well as embed visualizations and analytics... All Desktop Apps White Papers | Webcasts