Saturday, June 25, 2011

Long-term support for Firefox?

A debate is currently ongoing regarding long-term support of Firefox, with some surprised that Firefox 4 is being EOL'ed, and what that means for the viability of Firefox in the enterprise, if Mozilla is going to release a new version every 6 weeks.

Without stating an opinion either way (since I don't have one), there is one potential solution here that I haven't seen mentioned enough. The whole point of open source is that anyone, anywhere, can take the source code and customize it for any purpose they see fit. If there is indeed a need for long-term support for Firefox in the enterprise (and again, I am voicing no opinion on the matter), then anyone can do that. It doesn't need to be Mozilla. Anyone can form a new company, do the work to backport security fixes and QA them, and sell long-term support for Firefox (or this could be done in various other ways).

This is possible since Firefox is 100% open source. It isn't possible with proprietary software like IE, and isn't possible with software that mixes the two (like Chrome: you can sell long-term support for Chromium, but it will not have Chrome-only features like print preview, etc., so it would be a different product).

I want to stress the fact that you can sell open source software. Complying with Firefox's license doesn't preclude that. I won't get into the details, but this model works fine, just ask Red Hat. In fact I assume Red Hat already does exactly this, it sells supports for old versions of Firefox as part of Red Hat Enterprise Linux for a very long time.

Mozilla is driving Firefox forward as fast as possible, but Mozilla doesn't 'own' Firefox in the sense that it is the only party that can do things with it. Anyone can. If there is a business need for long-term support for Firefox, anyone can serve that need by selling that support.

Note that this is not a case of me saying "if you want some feature, you can always do it yourself". The situation we are talking about here is enterprise users. Big corporations do pay for support for the software they use, it is worthwhile for them to pay for such support. My point is that open source software like Firefox fits into this model perfectly - if there is a business need, anyone can step in and fill that need.

Again, I don't have an opinion myself as to whether such support is important - I don't know enough about the enterprise software market to have such an opinion. I also have nothing to do with Mozilla policy and planning, I just write code. My only point is that Firefox is open source, and that means it is business-friendly in the sense that you are not under the control of a single vendor selling you a product: You can customize the software yourself, or you can get someone else to do it for you. As an open source advocate, I wanted to point this out, since Firefox is the only major browser that is 100% open source, and that means there are solutions to a situation where people say there is a need for something, but Mozilla does not currently do that thing.


  1. Unfortunately, Mozilla is a rather complex codebase and MoCo has hired pretty much everyone who has the ability to safely do this work. I wouldn't want what happened with Debian and OpenSSL (CVE-2008-0166) to happen to a LTS Firefox because of a badly applied patch. If I stretch it, I think there's maybe half a dozen people that I would trust to do this... (Obviously, I'm not one of them.)

  2. There might be few people that can do this work right away. But the world is full of good engineers who can learn the necessary skills for this or for basically any other challenging software job.

  3. There is one thing Mozilla could do that would be more beneficial than anything else: Provide an MSI installer.

    Sadly, there that bug has been stalled for no apparent reason.

  4. I suggested this exact same thing here:

    In fact, this will be better for all concerned because Mozilla has never had the resources to cater properly to 2 markets (i.e. enterprise and consumer) --- the MSI installers being just one of many, many examples (another example is the CCK). The enterprise-oriented group may also stand to make *much* more money than MoCo/MoFo ever has.

  5. As usually - anybody *could* do it but only Mozilla is in the position to really do it. It's the same thing with XULRunner for example, there has been much talk about "somebody else" taking over its maintenance but nobody materialized. It really isn't that simple and would require a huge investment from an outside company. What would be the incentives?

  6. This has been discussed before, also in relation to finding a business model for Thunderbird. As previous comments say, this is not cheap or easy to do - Mozilla Corp is best placed to do it, and they think it's too costly.

    As noted in mkaply's post, enterprises make decisions based on money - the benefit to them of using Firefox over IE is not perceived to be big, so they're not going to be prepared to pay much for support (unless the benefit of using Firefox 7/8/9 over IE 9/10 can be increased?).

  7. > As noted in mkaply's post, enterprises make decisions based on money - the benefit to them of using Firefox over IE is not perceived to be big, so they're not going to be prepared to pay much for support (unless the benefit of using Firefox 7/8/9 over IE 9/10 can be increased?).

    A few financial benefits of a recent Firefox compared to IE:

    1. Works on XP. No need to replace older machines and/or OSes, unlike IE9 (and IE10 will not even run on Vista).

    2. Works on OS X, so can standardize on a single browser for the entire company if you already have OS X laptops, or makes you more comfortable agreeing to the requests for them if not.

  8. Actually, only Mozilla can release Firefox. Versions released by other organisations need an alternative name (e.g. Iceweasel)

  9. @Ian:

    That isn't true. Ubuntu for example releases Firefox.

    You do need to get Mozilla's consent to use the Firefox brand. But as with the Ubuntu example, it seems clear that it is in everybody's interest to work together on this, so I would assume this would be worked out.

  10. I learnt the Firefox code base for precisely this reason. We needed a custom Firefox inside our business for an enterprise customer to ensure they could reliably use our application.

    On the other hand when I left they were completely lacking in the necessary skills to maintain it! Do enterprises really want to put themselves at the mercy of contractors who are in very low supply?

    A far less risky strategy is not to use Firefox.

  11. Think a little more creatively.

    An enterprise-focused organisation could provide not just Firefox LTS, but also developer training, basic off-the-shelf intranet software, custom-designed intranets, hosting services, etc.

    Mozilla would never (and should never) do any of this, but a separate org can.

  12. Whilst what you say is right it kind of misses the point, Surely the obvious answer is to undo this silly decision - point versions should be bug fixes and security releases only, new features should be in major version updates.

    All of us who work in Enterprises and have evangelised for Fifrefox at work and with our friends are feeling badly let down now.

    Lets see a commitment to a stable branch under the Mozilla name and ask for volunteers to work on that - perhaps some Enterprises will put their staff forward as part of that.