[Desktop-packages] [Bug 1961010] Re: firefox doesn't let its user control how or when it upgrades
> Are "Security updates" in update-manager different from the > "security pocket" that Firefox updates occur in? They shouldn't be. "Security updates" are defined as anything that is delivered through the security pocket. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1961010 Title: firefox doesn't let its user control how or when it upgrades Status in firefox package in Ubuntu: Invalid Bug description: The Firefox package does not act like ordinary packages. When it is running, it forcibly downloads upgraded binary versions of itself and then forces the user to restart Firefox and run the new version. There used to be a Firefox setting by which the user could control this, but it has been deliberately removed. This is problematic in many ways. The first way is that it undermines the user's control over their own environment. The essential element of free software is that users control it, it does not control them. If there is behavior that is undesirable, they can fix it, not just be subjected to the arbitrary decisions of a distant corporation. For example, some users require that they have a copy of the source code that matches each binary package they are running. Firefox's covert upgrades undermine this local user policy, installing binaries that have no local matching source code. Other users may be using plugins or other applications that do not work with later versions of Firefox. It is not Firefox's decision when to upgrade -- it is the user's or system operator's. The second problem is that restarting one's browser has many side effects. For example, if one window or tab is in a video conference, forcing a restart of Firefox ejects the user from their video conference. If a video or audio file is merely playing in another window or tab, it is interrupted and not necessarily resumed after restart in the right place. Cookies and permissions (e.g. for NoScript) are not carried forward after a restart, when they are set to persist only for one session. If the Mozilla Corporation has firmly and permanently decided that it doesn't believe in the freedom of the end-users of its software, then Ubuntu should ship a patched version that DOES give its end-users freedom, by restoring the setting to disable automated updates. Firefox would continue to be able to be updated by the usual update- manager GUI (which IS under the control of the user), apt-get, or by the user explicitly installing new versions via dpkg or by building from source code. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: firefox 97.0+build2-0ubuntu0.20.04.1 ProcVersionSignature: Ubuntu 5.13.0-28.31~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-28-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: gnu2520 F pulseaudio /dev/snd/controlC1: gnu2520 F pulseaudio /dev/snd/controlC0: gnu2520 F pulseaudio BuildID: 20220202182137 CasperMD5CheckResult: skip Channel: Unavailable CurrentDesktop: ubuntu:GNOME Date: Tue Feb 15 22:55:07 2022 ForcedLayersAccel: False IncompatibleExtensions: Global Menu Bar integration - globalm...@ubuntu.com English (South Africa) Language Pack - langpack-en...@firefox.mozilla.org English (GB) Language Pack - langpack-en...@firefox.mozilla.org Default - {972ce4c6-7e08-4474-a285-3208198ce6fd} InstallationDate: Installed on 2020-05-04 (652 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) IpRoute: default via 209.16.159.254 dev enp6s0 proto static metric 100 75.101.100.0/24 dev enp6s0 proto kernel scope link src 75.101.100.46 metric 100 169.254.0.0/16 dev enp6s0 scope link metric 1000 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 209.16.159.0/24 dev enp6s0 proto kernel scope link src 209.16.159.252 metric 100 MostRecentCrashID: bp-f3d4806a-b277-49a1-b452-902072161127 PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:365 PrefSources: prefs.js ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash Profiles: Profile0 (Default) - LastVersion=97.0/20220202182137 (In use) RunningIncompatibleAddons: True SourcePackage: firefox SubmittedCrashIDs: bp-f3d4806a-b277-49a1-b452-902072161127 bp-4da20c64-dde1-4304-9118-238562160914 bp-16b8bc44-ebd0-46e0-a272-95feb2160908 UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 01/16/2019 dmi.bios.release: 5.13 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F25 dmi.board.asset.tag: Default string dmi.boa
[Desktop-packages] [Bug 1961010] Re: firefox doesn't let its user control how or when it upgrades
Thank you. Yes, about:buildconfig shows the --disable-updater flag. And software-properties-gtk --open-tab=2 showed that the setting for security updates was to download and install them immediately. I have changed that setting to only download security updates rather than to install them immediately. This should allow me to schedule updates to Firefox when its ongoing continuity is not critical. (Somehow when I run update-manager, it regularly finds "Security updates" that have not been immediately applied, even though the setting was formerly "Download and install immediately". Are "Security updates" in update-manager different from the "security pocket" that Firefox updates occur in? Thank you for the diagnosis. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1961010 Title: firefox doesn't let its user control how or when it upgrades Status in firefox package in Ubuntu: Invalid Bug description: The Firefox package does not act like ordinary packages. When it is running, it forcibly downloads upgraded binary versions of itself and then forces the user to restart Firefox and run the new version. There used to be a Firefox setting by which the user could control this, but it has been deliberately removed. This is problematic in many ways. The first way is that it undermines the user's control over their own environment. The essential element of free software is that users control it, it does not control them. If there is behavior that is undesirable, they can fix it, not just be subjected to the arbitrary decisions of a distant corporation. For example, some users require that they have a copy of the source code that matches each binary package they are running. Firefox's covert upgrades undermine this local user policy, installing binaries that have no local matching source code. Other users may be using plugins or other applications that do not work with later versions of Firefox. It is not Firefox's decision when to upgrade -- it is the user's or system operator's. The second problem is that restarting one's browser has many side effects. For example, if one window or tab is in a video conference, forcing a restart of Firefox ejects the user from their video conference. If a video or audio file is merely playing in another window or tab, it is interrupted and not necessarily resumed after restart in the right place. Cookies and permissions (e.g. for NoScript) are not carried forward after a restart, when they are set to persist only for one session. If the Mozilla Corporation has firmly and permanently decided that it doesn't believe in the freedom of the end-users of its software, then Ubuntu should ship a patched version that DOES give its end-users freedom, by restoring the setting to disable automated updates. Firefox would continue to be able to be updated by the usual update- manager GUI (which IS under the control of the user), apt-get, or by the user explicitly installing new versions via dpkg or by building from source code. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: firefox 97.0+build2-0ubuntu0.20.04.1 ProcVersionSignature: Ubuntu 5.13.0-28.31~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-28-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: gnu2520 F pulseaudio /dev/snd/controlC1: gnu2520 F pulseaudio /dev/snd/controlC0: gnu2520 F pulseaudio BuildID: 20220202182137 CasperMD5CheckResult: skip Channel: Unavailable CurrentDesktop: ubuntu:GNOME Date: Tue Feb 15 22:55:07 2022 ForcedLayersAccel: False IncompatibleExtensions: Global Menu Bar integration - globalm...@ubuntu.com English (South Africa) Language Pack - langpack-en...@firefox.mozilla.org English (GB) Language Pack - langpack-en...@firefox.mozilla.org Default - {972ce4c6-7e08-4474-a285-3208198ce6fd} InstallationDate: Installed on 2020-05-04 (652 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) IpRoute: default via 209.16.159.254 dev enp6s0 proto static metric 100 75.101.100.0/24 dev enp6s0 proto kernel scope link src 75.101.100.46 metric 100 169.254.0.0/16 dev enp6s0 scope link metric 1000 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 209.16.159.0/24 dev enp6s0 proto kernel scope link src 209.16.159.252 metric 100 MostRecentCrashID: bp-f3d4806a-b277-49a1-b452-902072161127 PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:365 PrefSources: prefs.js ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash Profil
[Desktop-packages] [Bug 1961010] Re: firefox doesn't let its user control how or when it upgrades
Automatic background updates of firefox are disabled in the Ubuntu builds (see the `--disable-updater` flag in about:buildconfig). Could it be that you're running an upstream version instead of the Ubuntu package? Note however that apt updates to the Ubuntu package are distributed through the security pocket, and the default setting is to download and install security updates automatically. You can change that setting (`software-properties-gtk --open-tab=2`), but beware that this will apply to all security updates. Alternatively you could `apt-mark hold firefox`. Interrupting users' browsing session is not optimal, but it is a trade- off for improved security overall. ** Changed in: firefox (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1961010 Title: firefox doesn't let its user control how or when it upgrades Status in firefox package in Ubuntu: Invalid Bug description: The Firefox package does not act like ordinary packages. When it is running, it forcibly downloads upgraded binary versions of itself and then forces the user to restart Firefox and run the new version. There used to be a Firefox setting by which the user could control this, but it has been deliberately removed. This is problematic in many ways. The first way is that it undermines the user's control over their own environment. The essential element of free software is that users control it, it does not control them. If there is behavior that is undesirable, they can fix it, not just be subjected to the arbitrary decisions of a distant corporation. For example, some users require that they have a copy of the source code that matches each binary package they are running. Firefox's covert upgrades undermine this local user policy, installing binaries that have no local matching source code. Other users may be using plugins or other applications that do not work with later versions of Firefox. It is not Firefox's decision when to upgrade -- it is the user's or system operator's. The second problem is that restarting one's browser has many side effects. For example, if one window or tab is in a video conference, forcing a restart of Firefox ejects the user from their video conference. If a video or audio file is merely playing in another window or tab, it is interrupted and not necessarily resumed after restart in the right place. Cookies and permissions (e.g. for NoScript) are not carried forward after a restart, when they are set to persist only for one session. If the Mozilla Corporation has firmly and permanently decided that it doesn't believe in the freedom of the end-users of its software, then Ubuntu should ship a patched version that DOES give its end-users freedom, by restoring the setting to disable automated updates. Firefox would continue to be able to be updated by the usual update- manager GUI (which IS under the control of the user), apt-get, or by the user explicitly installing new versions via dpkg or by building from source code. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: firefox 97.0+build2-0ubuntu0.20.04.1 ProcVersionSignature: Ubuntu 5.13.0-28.31~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-28-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: gnu2520 F pulseaudio /dev/snd/controlC1: gnu2520 F pulseaudio /dev/snd/controlC0: gnu2520 F pulseaudio BuildID: 20220202182137 CasperMD5CheckResult: skip Channel: Unavailable CurrentDesktop: ubuntu:GNOME Date: Tue Feb 15 22:55:07 2022 ForcedLayersAccel: False IncompatibleExtensions: Global Menu Bar integration - globalm...@ubuntu.com English (South Africa) Language Pack - langpack-en...@firefox.mozilla.org English (GB) Language Pack - langpack-en...@firefox.mozilla.org Default - {972ce4c6-7e08-4474-a285-3208198ce6fd} InstallationDate: Installed on 2020-05-04 (652 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) IpRoute: default via 209.16.159.254 dev enp6s0 proto static metric 100 75.101.100.0/24 dev enp6s0 proto kernel scope link src 75.101.100.46 metric 100 169.254.0.0/16 dev enp6s0 scope link metric 1000 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 209.16.159.0/24 dev enp6s0 proto kernel scope link src 209.16.159.252 metric 100 MostRecentCrashID: bp-f3d4806a-b277-49a1-b452-902072161127 PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:365 PrefSources: prefs.js ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bi
[Desktop-packages] [Bug 1961010] Re: firefox doesn't let its user control how or when it upgrades
Added screenshot that happens when this bug is triggered. Firefox refuses to operate normally after this point, just displaying "Sorry. We just need to do one small thing to keep going. Firefox has just been updated in the background. Click Restart Firefox to complete the update. We will restore all your pages, windows and tabs afterwards, so you can be on your way quickly." over and over. ** Attachment added: "Screenshot from 2022-02-15 20-06-57.png" https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1961010/+attachment/5561208/+files/Screenshot%20from%202022-02-15%2020-06-57.png -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1961010 Title: firefox doesn't let its user control how or when it upgrades Status in firefox package in Ubuntu: New Bug description: The Firefox package does not act like ordinary packages. When it is running, it forcibly downloads upgraded binary versions of itself and then forces the user to restart Firefox and run the new version. There used to be a Firefox setting by which the user could control this, but it has been deliberately removed. This is problematic in many ways. The first way is that it undermines the user's control over their own environment. The essential element of free software is that users control it, it does not control them. If there is behavior that is undesirable, they can fix it, not just be subjected to the arbitrary decisions of a distant corporation. For example, some users require that they have a copy of the source code that matches each binary package they are running. Firefox's covert upgrades undermine this local user policy, installing binaries that have no local matching source code. Other users may be using plugins or other applications that do not work with later versions of Firefox. It is not Firefox's decision when to upgrade -- it is the user's or system operator's. The second problem is that restarting one's browser has many side effects. For example, if one window or tab is in a video conference, forcing a restart of Firefox ejects the user from their video conference. If a video or audio file is merely playing in another window or tab, it is interrupted and not necessarily resumed after restart in the right place. Cookies and permissions (e.g. for NoScript) are not carried forward after a restart, when they are set to persist only for one session. If the Mozilla Corporation has firmly and permanently decided that it doesn't believe in the freedom of the end-users of its software, then Ubuntu should ship a patched version that DOES give its end-users freedom, by restoring the setting to disable automated updates. Firefox would continue to be able to be updated by the usual update- manager GUI (which IS under the control of the user), apt-get, or by the user explicitly installing new versions via dpkg or by building from source code. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: firefox 97.0+build2-0ubuntu0.20.04.1 ProcVersionSignature: Ubuntu 5.13.0-28.31~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-28-generic x86_64 AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: gnu2520 F pulseaudio /dev/snd/controlC1: gnu2520 F pulseaudio /dev/snd/controlC0: gnu2520 F pulseaudio BuildID: 20220202182137 CasperMD5CheckResult: skip Channel: Unavailable CurrentDesktop: ubuntu:GNOME Date: Tue Feb 15 22:55:07 2022 ForcedLayersAccel: False IncompatibleExtensions: Global Menu Bar integration - globalm...@ubuntu.com English (South Africa) Language Pack - langpack-en...@firefox.mozilla.org English (GB) Language Pack - langpack-en...@firefox.mozilla.org Default - {972ce4c6-7e08-4474-a285-3208198ce6fd} InstallationDate: Installed on 2020-05-04 (652 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) IpRoute: default via 209.16.159.254 dev enp6s0 proto static metric 100 75.101.100.0/24 dev enp6s0 proto kernel scope link src 75.101.100.46 metric 100 169.254.0.0/16 dev enp6s0 scope link metric 1000 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 209.16.159.0/24 dev enp6s0 proto kernel scope link src 209.16.159.252 metric 100 MostRecentCrashID: bp-f3d4806a-b277-49a1-b452-902072161127 PrefErrors: Unexpected character ',' before close parenthesis @ /usr/lib/firefox/omni.ja:greprefs.js:365 PrefSources: prefs.js ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash Profiles: Profile0 (Default) - LastVersion=97.0/20220202182137 (In use) RunningIncompatibleAddons: True SourcePackage: firefox Submitted