Thanks, everyone! Some great ideas for pressies from back in the festive season for many
Sorry I’m so far behind on podcasts, but just my reflections on browser updates, particularly with Debian Stable, as it’s been my workhorse for 8-9 years now, can’t even remember(!)
As far as I know Firefox ESR (default browser under Debian Stable) tracks normal Firefox but then “freezes” in a sense for several months during which only security updates are backported, not feature updates. I think this works fine for organisations, especially given that even a few years back feature updates on browsers sometimes broke things, though that’s not heard about much these days. Every several months or-so, Firefox ESR gets a large jump in version numbers when it moves forward several months on the normal Firefox numbering, so although numbering can look “very behind” that’s actually by design, and Debian inherits the same.
The issue of timely updates to browsers, especially nowadays with financial transactions, especially, is of course crucial, I agree; and they, like all security updates, really should be implemented as fast as possible. I generally find security updates on Debian Stable to be very fast. With the larger Firefox-ESR “jump” every few months, I am guessing because of the size of the job, there may well be a lag of some days, during which I definitely think use of Flatpak Firefox is preferable. That being said, once the normal repo FIrefox-ESR has reached the same latest version-point, I trust its security more than Flatpak.
I think an important question is, besides the browser, are other security problems with underlying libraries slow to fix on Debian too? I’ve never noticed this myself, though reflections from community members would be very welcome of course
As a side-note, I also think that users of LibreWolf need to keep an eye on security patches, because although it tracks normal Firefox updates, there can sometimes be a lag of a day or so (I seem to notice) before updated LibreWolf builds become available.