Firefox. Should I upgrade?

[RonB]

Firefox is bugging me to upgrade from 3.6.9 to 3.6.10 for security purposes. I'm guessing it's best to stick with the repositories, but was curious how others react to the Firefox security warnings. (I already upgraded once, from 3.6.8 to 3.6.10, but let VectorLinux's update bring it back down to 3.6.8 today.)

Thanks for any advice.

[GrannyGeek]

Firefox updates generally get into the testing repo soon after they're released. If you don't have /testing enabled, you won't see the update listed. I do install them as soon as they get into the repos. I just now installed Firefox 3.6.10 and haven't seen problems.
--GrannyGeek

[RonB]

Firefox updates generally get into the testing repo soon after they're released. If you don't have /testing enabled, you won't see the update listed. I do install them as soon as they get into the repos. I just now installed Firefox 3.6.10 and haven't seen problems.

Okay, thanks. My tendency is towards stability, so I avoid "testing" but it looks like it's a bit of a different deal with VectorLinux. Just out of curiosity, do you normally upgrade most packages that come from the testing repository? I'm just wondering if I do enable testing, will I find myself allowing all (or most) of the updates as I tend to do now.

[toothandnail]

Firefox updates generally get into the testing repo soon after they're released. If you don't have /testing enabled, you won't see the update listed. I do install them as soon as they get into the repos. I just now installed Firefox 3.6.10 and haven't seen problems.

Okay, thanks. My tendency is towards stability, so I avoid "testing" but it looks like it's a bit of a different deal with VectorLinux. Just out of curiosity, do you normally upgrade most packages that come from the testing repository? I'm just wondering if I do enable testing, will I find myself allowing all (or most) of the updates as I tend to do now.

You need to be reasonably careful when using testing. For instance, don't click 'mark all upgrades' and then click 'execute' without looking very carefully at what may be 'upgraded'. Hopefully, all the software in testing will eventually end up in patches or extra, but there are good reasons why it goes to testing first. Things may break, and doing wholesale upgrades with the testing repo enabled is not a good idea.

However, doing selective upgrades from testing is a good move. Many of the packages that end up there will be bug or security related fixes for packages already installed. While the security fixes especially are important, they still need some testing, so they will be isolated in the testing repos to start with.

Unfortunately, I do not have the access rights to place messages in the Security Advisories section of the forum, and I don't always remember to make notes on the announcements when an upgraded package is security related. Still, keeping an eye on the packages that are announced will give you an idea of what releases are there to be tried. While 'testing' always carries some risk, if it is used selectively, it should minimize the chances of breaking anything, and (if you provide feedback) helps to keep Vector Linux up to date.

Paul.

[GrannyGeek]

My tendency is towards stability, so I avoid "testing" but it looks like it's a bit of a different deal with VectorLinux. Just out of curiosity, do you normally upgrade most packages that come from the testing repository?

I'm very selective about what I upgrade with a package from /testing. I do keep my eyes and ears open about what's going on in the computer world and usually have heard about security risks. The risks I'm most concerned about would be in my browsers and in the kernel. If a serious risk is found in the kernel, I would expect upgrade packages to be available in the repos. Firefox and SeaMonkey need security fixes from time to time and I upgrade them as soon as a package is in the repos. Opera is my principal browser and my e-mail client and I upgrade it as soon as Opera puts out a new version. I get this from Opera and don't wait for a VectorLinux package. Opera is very easy to install when downloaded from opera.com. Flash and Adobe Reader also have frequent security problems and I install the updates directly from adobe.com. They are also very easy to do and don't need VectorLinux packages.

There are some programs where I'm always wanting the latest features: Scribus, Inkscape, Gimp. I usually upgrade them as soon as a package goes into the VL /testing repo. Not only do I want the latest features, but I also feel a certain obligation to test these programs so that they can get out of /testing as soon as possible. I usually *don't* upgrade other programs that are in /testing. I wait until they're in the regular repos.

I use three computers that have VectorLinux installed. My older 1.3 GHz Celeron desktop is the sacrificial lamb and if I'm uneasy about a new package in /testing, I install it there first. If nothing breaks after a bit of my testing, I put it on the other two computers.

I'm just wondering if I do enable testing, will I find myself allowing all (or most) of the updates as I tend to do now.

You don't need to have /testing enabled all the time. Just do it once in a while to see what's available and be sure you notice what repo the package is in and if you have a good reason to upgrade, do it. Then disable /testing and run Update again so that you don't see what's in /testing.
--GrannyGeek

[Deach]

For the record and I do NOT recommend this, I have two laptops running with testing enabled all the time and they've behaved wonderfully.  I DO of course check what they're gonna do before I hit the execute button.  The two laptops in question are the Dell Inspiron 120 and 130. 

[roarde]

A note here. Most often, firefox upgrades from testing won't show up if you select View>upgradable in GSlapt. The reason is that patches have a higher priority than testing. Just view all packages and search for firefox, comparing the versions you find to the latest post in VL package news and Updates.

As far as using the testing repo, I'd leave it off normally. When a package you're interested in having an upgrade for is posted to package news, wait a couple of days for bug reports or favorable replies. If it seems OK then enable testing, reload as suggested, grab only what you came for, and turn testing off.

After seeing the process the proper number of times for you (varies), you'll just naturally start leaving testing on and will have a pretty good idea of what precautions to take.

Upgrades of your favorite browser or email client from testing are usually a good idea unless posts suggest they're buggy; those updates are most often related to security or bugfixes, especially when it's firefox.