[12:59] <stevenm> Hey since 11.04 Firefox has been automatically updated to whatever the latest version is in the 'main' repo.  However you'd expect with something like 12.04 LTS and 14.04 LTS all packages would be frozen for new featues/major versions and it'd be security and bug fixes only
[12:59] <stevenm> So I'm wondering what other packages get this exception to the rule - and where more documentation can be found about these exceptions?
[13:00] <stevenm> Thunderbird maybe?
[13:01] <stevenm> looks like that has an exception too as version 31 is in precise (12.04)
[13:01] <stevenm> so is it just mozilla stuff that gets an exception?
[13:20] <stevenm> well since this is dead don't mind me if I reask this in another channel
[14:02] <mdeslaur> stevenm: https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions
[14:06] <stevenm> mdeslaur, ah thanks - didn't know what it was called
[14:06] <stevenm> it seems LibreOffice is in there - do you know how you interpret this?      LibreOffice (2012-06-25); provisional → full on 2014-05-27
[14:07] <stevenm> is it somehow expaining why it wasn't updated in 12.04 - but maybe will be getting microupdates in 14.04?
[14:09] <mdeslaur> stevenm: it did go from 3.5.2 to 3.5.7 in 12.04
[14:09] <mdeslaur> that's because of the exception
[14:09] <stevenm> mdeslaur, but the current 'Still' (stable) release from the LO team is 4.2
[14:10] <mdeslaur> the microrelease exception doesn't typically cover major versions
[14:10] <mdeslaur> only minor versions
[14:11] <mdeslaur> the only exception to that is when, for security reasons, it's only possible to update to the latest release
[14:11] <mdeslaur> like with firefox for example
[14:11] <mdeslaur> or clamav
[14:11] <stevenm> well you can't tell me that between version 10 of firefox and version 35 - that isn't major
[14:11] <stevenm> that's the jump which 12.04 has made
[14:12] <mdeslaur> yes, it's major, but there is no viable alternative to doing that
[14:12] <stevenm> sorry I'm still not understanding why
[14:13] <stevenm> are you saying it's because mozilla don't backport their security updates?
[14:13] <mdeslaur> every firefox release fixes a large number of security issues. we used to attempt to backport them into the version that shipped in ubuntu, but as the code was rapidly changing, it was becoming more and more difficult to do so
[14:14] <mdeslaur> until we hit the point where attempting to do that was futile
[14:14] <stevenm> surely the LO team don't do security fixes in anything other than their current 'Still' and 'Fresh' releases - so surely it should be the same for them
[14:14] <stevenm> i.e. to get relevant security updates for the 3.5.7 LO - you'd need to go to 4.2
[14:14] <mdeslaur> yes, but LO has one or two security issues each year, and they are trivial to backport, so we handle that just like we do every other piece of software in ubuntu
[14:15] <mdeslaur> we backport security fixes for all packages, except the ones that aren't feasible
[14:15] <mdeslaur> like firefox
[14:15] <stevenm> and thunderbird?  surely that doesn't get that much work done on it as firefox
[14:15] <stevenm> but I notice that's bang up to date
[14:16] <mdeslaur> thunderbird uses the same engine as firefox, so has the same massive amount of security vulnerabilities each month
[14:17] <stevenm> ooh it's like their sneaking under the radar because of a technicality
[14:18] <stevenm> *they're
[14:19] <mdeslaur> basically, off the top of my head, firefox, thunderbird, clamav, chromium, mysql get whole new versions
[14:20] <stevenm> and for LO to get 'whole new versions' - they'd basically have to have more bugs?
[14:21] <stevenm> see it especially annoys me as there is no PPA for LO 'Still' - there is a PPA for 4.2 (which is 'Still' - currently) but not one that'll have whatever is currently 'Still'
[14:21] <stevenm> i've raised it with the maintainer of the LO PPA's and he's reluctant to add another
[14:21] <stevenm> and LO themselves - although they themselves create .deb's and offer them as .tar.gz's on their site - refuse to just make the .deb's available in a http debian repo
[14:22] <mdeslaur> doing whole new versions is _a lot_ more work than simply fixing the versions that shipped with the release.
[14:22] <stevenm> so in other words no automatic stable updates for LO
[14:22] <mdeslaur> as typically whole new versions want whole new versions of a bunch of libraries, etc.
[14:23] <stevenm> true - i haven't found that with LO though - the fresh and stable releases today will still work on 10.04 afaik
[14:23] <stevenm> hmm actually 12.04 is the oldest prob
[14:24] <stevenm> but 10.04 is dead of april anyway (5 years isn't it?)
[14:24] <gQuigs> stevenm: I pushed for a similaar thing for LO.. https://blueprints.launchpad.net/ubuntu/+spec/client-1308-rolling-libreoffice  .. seems it was squashed
[14:24] <stevenm> gQuigs, I pushed too - first for a better PPA ... https://bugs.freedesktop.org/show_bug.cgi?id=88318
[14:24] <stevenm> then to the LO team to run their own repo... https://bugs.freedesktop.org/show_bug.cgi?id=88322
[14:24] <stevenm> no luck on either side
[14:25] <stevenm> it did get me a few email exchanges with Bjorn though
[14:25] <mdeslaur> I do agree LO is one of those packages you really do want a more recent version
[14:26] <mdeslaur> hopefully we'll be moving to a model that will make it easier to separate the applications from the base os
[14:26] <stevenm> mdeslaur, like official official ppa's? :D
[14:26] <mdeslaur> no like, os for the base and an app store for the applications
[14:26] <mdeslaur> see ubuntu touch
[14:26] <stevenm> i.e. canonical maintained seperate repos for apps - (kinda like partner?)
[14:26] <mdeslaur> and ubuntu snappy
[14:27]  * gQuigs has been wondering if libreoffice would be considered an app or a framework in that model... or have to be split up
[14:27] <mdeslaur> and upstreams like libreoffice will be empowered to deliver their application directly to their users
[14:27] <stevenm> gQuigs, well technically you can install only the apps you want from LO
[14:28] <gQuigs> stevenm: it has a AFAICT very simplified dependency system... basically every app has to include the dependencies it needs
[14:29] <stevenm> do either of you know anything about PPA's - an idea I put to Bjorn was basically a 'PPA Alias' - i.e.  ppa:libreoffice/libreoffice-still was a pointer to ppa:libreoffice/libreoffice-4-2
[14:29] <stevenm> how possible is that do you know?
[14:30] <stevenm> see I'm all in favour of firefox having an exception (but tbh mainly because I see Ubuntu as a desktop OS as I only use debian for servers)... but it's not because of the security backporting headache - it's because I want an up to date browser (and frankly if it was installed on windows it'd self update anyway)
[14:31] <stevenm> LO needs that exception - but obviously not for security backporting reasons
[14:31] <mdeslaur> well, the problem is that half the users want stuff to update, and the other half don't
[14:31] <mdeslaur> half of server users want the latest and greatest php, and the other half want php to stay at the same version so their apps don't keep breaking
[14:31] <stevenm> I'd submit - the first half use it only for desktops, the second half are also using it (or solely for) servers
[14:32] <gQuigs> mdeslaur: I surveyed enterprise customers as part of that proposal, not one of them objected to an exception for LibO
[14:32] <stevenm> well those wanting an up to date php in 'main' are just plain silly
[14:32] <gQuigs> most enterprise customers end up having to run a LibreOffice PPA for compatibility or other reasons
[14:32] <mdeslaur> gQuigs: yeah, LO sounds like one of those that make sense, I agree with that
[14:33] <stevenm> gQuigs, yeah well I'm using it at work too - 3.5 couldn't open some things
[14:33] <mdeslaur> stevenm: you'd be surprised how often server users request the latest and greatest php
[14:33] <stevenm> well it's lovely to feel like I'm not alone in feeling this - but I've no idea how to communicate our joint feelings successfully  - is there a road from here we can all take together in getting the point over?
[14:34] <stevenm> mdeslaur, as someone who builds servers regularly I stick to what is stable and in the main repo... I only stay when *absolutely* required and don't mind using a 3rd party (or host my own) repo to do so
[14:34] <stevenm> if php was updated all the time in main - its keep 5% happy and cause a headache for another 95%
[14:35] <mdeslaur> well, debian has now moved to updating to php minor releases
[14:35] <stevenm> minor isn't so bad - nothing gets deprecated function wise between minor does it?
[14:35] <gQuigs> I'd guess for majority of major open source PHP apps, there would be little effect..  even if it started rolling to major releases (after testing of course...)
[14:36] <gQuigs> custom apps would be the issue
[14:36] <mdeslaur> stevenm: no, you just get a whole slew of new regressions
[14:36] <mdeslaur> but, anyway
[14:36] <stevenm> so gQuigs / mdeslaur in terms of LO - what can be done by us?
[14:37] <mdeslaur> pay someone to maintain a PPA?
[14:37]  * mdeslaur shrugs
[14:37] <stevenm> PPA kinda already exists like I said - it's just people need to keep changing it for the next thing labelled as 'Still'
[14:37] <stevenm> if a PPA alias was possible it'd help
[14:37] <gQuigs> try to get an exception revisted... I don't know what happened the first time
[14:37] <stevenm> or PPA redirect - whatever
[14:38] <mdeslaur> stevenm: I'm not sure what you mean by that...there should be a "still" ppa that gets whatever the latest version is
[14:38] <stevenm> mdeslaur, nope
[14:38] <stevenm> mdeslaur, but there is one for fresh
[14:39] <mdeslaur> stevenm: by that I mean "someone should..."
[14:39] <stevenm> oh I see :)
[14:41] <gQuigs> actually it is pretty easy to copy packages from one PPA to the other.. I'm guessing the issue is when do you cut over to still
[14:41] <gQuigs> if you're on 4.5.7, do you want to move 4.6.0 the second it come sout?
[14:41] <gQuigs> or just when 4.6.3 is released
[14:43] <stevenm> well 4.2 is still - 4.3 will become still when the LO project says so
[14:43] <stevenm> i'd content to go on the author of the softwares recommendation
[14:43] <stevenm> *i'm content