Enterprise/Firefox/ExtendedSupport:Proposal

From MozillaWiki
< Enterprise
Revision as of 02:33, 22 September 2011 by Kneedham (talk | contribs) (corrected link to tb-enterprise page)
Jump to navigation Jump to search

Introduction

The shift to a new release process has been difficult for organizations that deploy Firefox to their users in a managed environment. We've heard 2 primary concerns:

  1. The release schedule doesn't allow sufficient time for the organizations and their vendors to certify new releases of the products
  2. the associated end-of-life policy exposes them to considerable security risk if they remain on a non-current version past Firefox 3.6.

These groups — which include small & medium business, enterprise, academic, and government — want to continue to offer Mozilla products to their users, but they need a version of Firefox that gives them a longer support tail than what we currently offer.

This is a proposal for an Extended Support Release (ESR) that will help meet those needs.

Note: The proposal doesn't address organizations deploying Thunderbird. A Thunderbird-specific discussion will be held on the Thunderbird Enterprise mailing list, and will be documented here.

Proposal

Mozilla will offer an Extended Support Release (ESR) based on official releases of Desktop Firefox. Releases will be maintained for seven release cycles (42 weeks), with point releases coinciding with regular Firefox releases.

To permit organizations sufficient time for testing and certification, the ESR will have a two cycle (12 week) overlap between the time of a new release and the end-of-life of the previous release. This will allow organizations to qualify and test against Aurora and Beta builds for twelve weeks leading up to the ESR, and an additional 12 weeks to certify and transition to a new ESR.

The chart below outlines the process behind the creation and maintenance of the ESR, which will be based on release versions of Firefox Desktop.

Please Note: The base Firefox release and ESR version numbers are for demonstrative purposes only; they do not reflect the final versioning scheme or initial release)

Esr-release-overview.png

Maintenance of each ESR, through point releases, would be limited to high-risk/impact security vulnerabilities and would also include chemspills (off-schedule releases that address live security vulnerabilities). Backports of any functional enhancements and/or stability fixes would not be in scope. At the end of the 30-week support tail the release will be end-of-lifed in conjunction with an updated ESR being offered.

Mozilla will continue to collect additional information on deployment of Firefox in managed environments, and will work with community groups to facilitate adoption of the official releases of Firefox in those environments. Based on the data collected and adoption of the new release process over the course of maintaining the ESR, Mozilla would announce the continuation or impending end-of-life of the program. The initial proposal would be to support a minimum of two ESR releases.

Assumptions

  • Firefox 8 or 9 will be the base for the initial ESR
  • Mozilla will commit to backporting security bugs qualified as "Critical" and "High" to the ESR. Other security and stability backports to the ESR will be included at Mozilla's discretion.
  • The ESR will have its own Application Update Service (AUS) channel, and ESR-specific point releases and major updates will be offered through that channel when a given ESR reaches its end-of-life
  • The ESR will be released day-and-date with the Firefox release it is based upon to the best of Mozilla's ability to do so.
  • Point releases to the ESR will run in parallel with the Firefox release schedule (e.g. point releases will be released every 6 weeks at the same time as a regular Firefox desktop release, chemspills when a Firefox chemspill is released)
  • When an ESR reaches end-of-life, no further point releases or chemspill updates will be offered for that ESR, and an update to the new version will be offered to users of the end-of-lifed version through the AUS channel
  • The ESR will not be marketed through mozilla.com properties other than the Enterprise wiki page and/or staging servers.
  • Firefox 3.6 will be end-of-lifed 12 weeks after the initial ESR is offered (to allow sufficient time for those groups using 3.6 to qualify and transition to the ESR)

Caveats

  • Firefox Mobile will not be maintained as an ESR
  • Only those Operating Systems, or versions thereof, supported at the beginning of an ESR will be supported through the life of that release.
  • Organizations that deploy the ESR would be strongly encouraged to participate in the Enterprise Working Group (EWG) to ensure they are kept abreast of developments, and can contribute feedback and assistance where needed.
  • Organizations that deploy the ESR will be assuming a number of risks (see below), and must understand the implications of using the ESR versus the current release of Firefox.
  • Mozilla will need to be crisp and clear in its messaging, to ensure that users of the ESR understand its limitations and risks, that they are accepting those limitations and risks, and to ensure expectations are set appropriately all around.

Benefits

  • In keeping with the Mozilla Mission, the ESR will give deployment groups an alternative to IE for their users while maintaining/extending Firefox's footprint in a managed environment, which is in the tens of millions of users (or more!).
  • The proposed ESR would provide those organizations with the time they need to maintain Firefox while pushing faster adoption of newer versions, provide a bridge to facilitate the adoption of Mozilla's new release cadence, or move back to IE or another product.
  • Can be used as an opportunity to introduce product and process changes that facilitate certification and deployment, and will ideally move organizations to a point where faster release cycles become a non-issue in deploying Firefox.
  • Helps Mozilla determine what is required to support a product for a period longer than our regular release cycle, and to build up additional expertise to be able to meet those needs without affecting critical path development.
  • Gives Mozilla time to get a better read on the opportunities in a market space it is unfamiliar with.

Risks

  • The ESR will not have the benefit of large scale testing by nightly and beta groups. As a result, the potential for the introduction of bugs which affect ESR users will be greater, and that risk needs to be understood and accepted by groups that deploy it. To help mitigate these risks, Mozilla will be asking organizations that deploy the ESR for assistance with testing alpha and/or beta builds of the ESR with their user base.
  • Over time, and ESR will be less secure than the regular release of Firefox, as new functionality will not be added at the same pace as Firefox, and only high-risk/impact security patches will be backported. It is important that organizations deploying this software understand and accept this.
  • There is the potential for confusion among Firefox users between the regular release of Firefox and the ESR. To help lessen the potential of confusion between releases, the ESR will be an associative brand of Firefox (e.g. Mozilla Firefox ESR). Specific naming has not been finalized, but the intent is to be clear that the releases are based on a released version of Firefox.
  • Maintaining the ESR will consume development resources that will impact the regular release of Mozilla products. Mozilla will need to build capability in back-porting, and will actively solicit the community for assistance in reducing the resource requirements of maintaining the ESR.
  • The ESR is specifically targeted at groups looking to deploy it within a managed environment. It is not intended for use by individuals, nor as a method to mitigate compatibility issues with addons or other software. Public (re)distribution of Mozilla-branded versions of the ESR will not be permitted.

Enterprise & Vendor Certification

One of the challenges of the ESR will be to shift testing and qualification methodologies used by deployment groups from reactive to proactive. Because the release schedule of the ESR will run in parallel with the Firefox release schedules, the release dates of the ESR and its point releases will be known well in advance.

The ESR will provide deployment groups and vendors with up to 12 weeks of testing and qualification, and an additional 12 week overlap between ESRs to certify and deploy the released version. The chart below outlines the Firefox ESR testing/qualification time-frames.

Esr-qualify.png

Additional Information (please review)

Retrieved from "https://wiki.allizom.org/index.php?title=Enterprise/Firefox/ExtendedSupport:Proposal&oldid=350245"