Another way to look at this is: at some point, Mozilla makes a decision that even the most serious security vulnerability which can cause significant harm to users will not be fixed in some older versions. I find it difficult to justify that the FxA team should be held to a higher standard - and in some cases, it's even possible that having FxA work on such older, vulnerable Firefoxes could potentially cause *more* harm to the user.
Mark. On 14/9/17 11:03 AM, Alex Davis wrote: > Let me take a look at numbers with Leif. > > I'm sure we can get the break down of Sync and FxA by release version. > My hope would be that we can cover more than 98-99% of users by just > supporting the last ESR. (maybe wishful thinking but worth checking) > > -- > Alex Davis // Mountain View > Product Manager // FxA & Sync > (415) 769-9247 > IRC & Slack: adavis > > On Thu, Sep 14, 2017 at 8:49 AM, Mark Hammond <[email protected] > <mailto:[email protected]>> wrote: > > :thumbsup from me. > > On 14/9/17 7:36 AM, Shane Tomlinson wrote: > > Firefox 29 is the first version of Firefox desktop that used Firefox > > Accounts > > to sign in to Sync [1]. Firefox 29 was released on April 29, 2014. > > > > In the nearly 3.5 years since Firefox 29 was released, Firefox has > aged by > > 26 full releases. Perhaps surprisingly, FxA still officially maintains > > and supports sign in to Firefox 29. I just tried to make sure I > wasn't going > > to have to eat those words. It works. Yay us. > > > > The thing is, as FxA adds more features that are only supported on > > Fx >= version N, maintaining support for these old browsers is > becoming > > increasingly complex, time consuming, and expensive. Our full > functional > > test > > suite now takes an hour to run, many of the tests are for browsers > which > > have > > been unsupported by Mozilla for some time. > > > > I propose we purposely lose some of the extra baggage by > officially dropping > > support for Firefox <= current ESR - 1. Why current ESR - 1? Well, > Mozilla > > officially supports Firefox back to ESR. There are a bunch of > companies > > that > > lag behind even that, and since we are a nice group that doesn't > like to > > anger > > folks, we'll support 2 full ESRs. Current ESR is based on Firefox > 52. The > > previous ESR was based on Firefox 45. We'd officially support down to > > Firefox 45. > > > > For users that try to sign in to FxA on these old browsers, we could > > show some > > nice screen that says something along the lines of "Hey, sorry to do > > this to you, > > but your browser is really really behind the times. For your own > safety, > > here's > > a link the latest and greatest." > > > > Thoughts? > > > > Shane > > > > > > [1] - https://www.mozilla.org/en-US/firefox/29.0/releasenotes/ > <https://www.mozilla.org/en-US/firefox/29.0/releasenotes/> > > > > > > _______________________________________________ > > Sync-dev mailing list > > [email protected] <mailto:[email protected]> > > https://mail.mozilla.org/listinfo/sync-dev > <https://mail.mozilla.org/listinfo/sync-dev> > > > _______________________________________________ > Dev-fxacct mailing list > [email protected] <mailto:[email protected]> > https://mail.mozilla.org/listinfo/dev-fxacct > <https://mail.mozilla.org/listinfo/dev-fxacct> > > _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
