Mozilla, Debian and Iceweasel: the Mozillian point of view

During the Journées du Logiciel Libre 2006 (an excellent event, thanks to the organizers), I had long chats with people from Mozilla Europe (in a more constructive way than what others did). This is mostly second-hand information, since the well-informed guys from Mozilla Europe I talked with got their info from other Mozilla developers, so it might be slightly inaccurate, but still help to understand the issue. More details welcomed in comments.

The Mozilla Foundation goal is to prevent the web from becoming a proprietary web, by ensuring that Firefox, their product, has a big-enough market-share. I find it a bit disturbing to hear free software people speak about product and market-share, but well, OK. Of course, it’s quite difficult to achieve >20% market-share only with GNU/Linux users. :-)

They put a very high emphasis on the User experience. They want Firefox to look exactly the same on all platforms, even if some features (automatic plugin installation, automatic upgrades) do not fit well on a GNU/Linux system (such features don’t work with the Debian build).

They want to enforce their trademark to prevent attempts to ruin their reputation to succeed. After a question asked by Dave Neary (GNOME) to Tristan Nitot (president of Mozilla Europe), Tristan gave the example of this hacker who said he found critical security bugs in Firefox before admitting it was a joke. He also gave the example of Microsoft indirectly founding SCO. Dave Neary remarked that some people could probably be trusted (like distro maintainers). But, if I remember correctly, Tristan said that it was difficult to allow some people to use the trademark without allowing everybody to do so. Also, allowing Debian to use the trademark without allowing derivatives to do so is not possible (DFSG#8).

Iceweasel is considered a good thing inside Mozilla Europe (“It’s what we have asked them to do for a long time!“). However, some people are bitter about the fact that Debian seems to have chosen to use a gnu.org-hosted fork instead of just renaming the package to iceweasel.

During Tristan Nitot’s conference, I asked a question about length of security support (only 18 months for the 1.0 branch). The answer was that distros were supposed to upgrade to newer Firefox releases even on their stable releases (!) or to come and help with security support for stable releases. Also, the fact that Debian chooses to package Firefox following the FHS is considered a source of problems. Somebody claimed that Debian was the only distribution to package Firefox this way (seems strange, but I did not checked this claim). I’m not sure how this fits with other Mozilla-based browsers such as epiphany.

On a more technical side, they also claimed that Debian wasn’t properly collaborating with Mozilla, sending unusable 100000-lines patches for validation just before releases (haven’t checked this claim). It’s interesting to note that the same problem exists on the other side, with Mozilla releasing “security and stability” releases instead of just providing patches for the security bugs.

My personal conclusion is that Iceweasel is really a good thing, and is quite unavoidable, even if it seems that the Debian/Mozilla collaboration could maybe have been better. Let’s advertise the use of Iceweasel, Epiphany, and other Web browsers! :-)

Note : comments open for people willing to fix inaccuracies or provide references, not for a stupid childish flame-war like the one in the comment of this post. Please write your own blog entry and use a trackback if you want to provide a detailed answer!

Updates:

  • I forgot to mention that the Mozilla people talked about Debian-specific changes that changed frozen APIs, breaking extensions, and causing bug reports on b.m.o or misleading forum posts. (again, not verified)
  • Interesting blog post about the trademark issue here
  • Mike Hommey addressed most of the points I reported in this blog entry.

9 thoughts on “Mozilla, Debian and Iceweasel: the Mozillian point of view

  1. Hi Lucas,
    Mozilla started life in the Gnu world with our support(users,developers,evangalists). Then they gained marketshare vs IE(m$). Now they are running towards the non-Gnu world to claim their stake. They have a right to but at what expense? Debian likes FHS, DFSG plugins (like those used in gnuzilla), a DFSG logo, and allowing folks like Ubuntu to do-what-you-want to their software (aka 4 freedoms). Not only that but they dont trust others to care for their code. Of course any programmer is not perfect and can make a non-mozilla firefox have a security issue. But secutiry updates are made for distro-specific version of popular software all the time with no great loss to a products rep. And as you said, what distro would allow a foreign mozilla into a stable release for security updates? long live icedove, iceweasle and the yet unknow named package!

  2. “I find it a bit disturbing to hear free software people speak about product and market-share, but well, OK.”

    Why ? I don’t understand.

  3. @ploum:
    Maybe I’m a bit close-minded about this, that’s all. I’m not used to hearing people from free software projects talking about products (instead of projects), or of market-share. This vocabulary comes directly from the world of marketing. Most projects aim at providing excellent software for their users, not necessarly at conqueering other projects’ users. This kind of coopetition plays an important role in the good atmosphere inside the FS community (also, it’s something that newcomers have difficulties to understand, hence the frequent GNOME/Kde, Debian/Ubuntu, or Emacs/vim flamewars).

  4. Is it possible for the Debian Firefox maintainers to create an installer package for contrib which will install the vanilla FireFox from Mozilla’s site and do _nothing_ more. Add a comment to the installation notes for Iceweasel/Icedove/Gnuzilla explaining why this was necessary – if necessary give the installer lock stock and barrel to Mozilla and get them to maintain it. Then proceed as before.

  5. “Also, allowing Debian to use the trademark without allowing derivatives to do so is not possible (DFSG#8).”

    That’s not correct. First, we do not insist that licensees must have the right to use the same name for a modified version (DFSG#4). Second, if Debian is given the right to use the name Firefox for its patched version, that does not confer any right to people receiving Debian to distribute further-modified versions under the name Firefox, whether they do so as part of Debian or not. So there is no discrimination that would fall foul of DFSG#8.

  6. There’s nothing wrong with the Mozilla security policy. Many security problems are fixed with changes that are too large or subtle to correctly backport, as they are due to architectural changes. Mixing security and stability updates into single releases is very common and widely accepted.

    The Debian/Gentoo approach to writing their own security patches and backporting, even years later, is not and has never been a correct way to approach software security. I have witnessed at least two non-existant security “bugs” get patched in high profile software thanks to this scheme and it totally wrecks your confidence.

  7. There’s nothing wrong with the Mozilla security policy.

    This is for such reasons I believe Mozilla is going to a dead end. Not only is the software built on top of a horribly complicated pile of crap which turns every single operation into a Vietnam war in the code, but it is managed by incompetent people.

    Hopefully it is only a matter of time until another HTML engine can completely replace it, KHTML/Webkit being a good candidate.

Comments are closed.