If you applied the same reasoning to every other controversial UI change, the settings menu would become an unreadable mess of options. Without any hard numbers how would you ever know it's safe to remove a setting?
This seems like an ideal candidate for power users to tweak via extensions or the about:config page. On Monday, November 12, 2012, Zack Weinberg wrote: > On 2012-11-12 11:45 AM, Johnathan Nightingale wrote: > >> On Nov 12, 2012, at 9:46 AM, Zack Weinberg wrote: >> >> Obviously, refusing to upgrade Firefox opens up these users to >>> serious security risks. I would like to suggest that we put that >>> toggle back in, and commit to preserving tabs-on-bottom mode for >>> the foreseeable future, *just because* it will encourage this upset >>> minority of users to continue upgrading. >>> >> .... > >> >> It's true that sometimes non-security changes have major security >> impacts (c.f. session restore making people more willing to apply >> updates). I also agree that each poster in our newsgroups represents >> a constituency (100x may or may not be right, let's say it is). >> >> Nevertheless, I disagree. We've got a decade of experience with UI >> changes having vocal critics that turn out, in hindsight, to be >> minorities (e.g. tab close button position militancy around FF2). >> > .... > >> I don't believe that the discussion around tabs >> on bottom will result in any significant portion of our user base >> turning off updates. I do believe that our tab strip code is in >> desperate need of clean up, and full of edge cases that hurt >> performance, maintainability, and quality. >> > > I am the last person in the world to stand in the way of code cleanup. I > find it difficult to believe that allowing two possible relative orders of > toolbars within the chrome is more than a couple lines of CSS, but I am not > remotely an XUL person and am happy to be shown wrong. > And I think this particular change represents the last straw for a *large* > minority of users who really, really liked Firefox 3.0 and have been > getting progressively more fed up with UI changes since, but I have no > numbers to back that up. > > But with my security hat on, even a small minority of our users is still > tens or hundreds of thousands of people, and if their computers are 0wned > because they refused security updates because they didn't like our UI > changes, that potentially has cascading fallout upon a much larger > population (as the 0wned machines become malware sources themselves). > That's not something I think is justifiable by code cleanliness concerns on > our end. > > zw > ______________________________**_________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/**listinfo/dev-security<https://lists.mozilla.org/listinfo/dev-security> > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
