this post was submitted on 27 Oct 2024
351 points (97.8% liked)

Technology

58970 readers
4429 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

If, like me, you've relied on Fennec as a more tolerable version of Firefox for Android, you may have gotten some bad news in the latest F-droid update cycle.

Fennec has fallen so far behind on updates that serious security patches implemented by Mozilla in Firefox haven't been applied to the fork, and Fennec is therefore still breachable.

The developer responded two weeks ago that they were "short on time", and there still isn't a new, secure version available. This appears to be due to that recurring weak link in open source development: small teams, confronted by real life demands like time and money?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 98 points 2 days ago (2 children)

It's just very unfortunate timing. Google removed some library Firefox depended on in NDK and it meant developers need to make significant changes to their packaging system. At the same time critical vulnerably was discovered in Firefox. On top of that, everything happened when main developer of Fennec was away from home and short on time. But from what I've seen on Fennec gitlab most of the work is done so you should expect update soon.

[–] [email protected] 29 points 2 days ago* (last edited 2 days ago)

Yep, it's this. Annoying change, but from what I was reading, perfectly solvable with a little time. Unfortunately the dev was moving house, so they fell a version behind at the worst possible moment, but they're aware of the issue. I'm not too concerned.

Had it not been for FDroid's warning, I wouldn't have even realized Fennec was a version behind (now 2). Normally it's not that big a deal.

[–] [email protected] 5 points 2 days ago (1 children)

Firefox 130 was released on the 3th of September, almost 2 months ago. This didn't just happen in a short time frame.

[–] [email protected] 8 points 1 day ago

Fennec being a version behind for over a month because the dev was absent wouldn't normally be that big a deal if not for the vulnerability being discovered.