The accelerated Firefox release cycle may be great for many users, but enterprise IT folks were not thrilled. To their credit, the folks at Mozilla eventually took the complaints seriously and founded a working group to address enterprise desktop needs. However, it seems clear that the Extended Support Releases (ESRs) will be second-class citizens.
The working group has made progress and come up with a proposal that would provide an ESR for Firefox. If it’s accepted, ESR’s will have life cycle of nearly one year, and a 12 week overlap between the ESR releases.
The current assumption is that the first ESR would be Firefox 8 or 9, and Mozilla would commit to backporting “critical” and “high” level security bugs. Security issues with lesser severity would be included “at Mozilla’s discretion.” The ESRs would have their own update channel, and point releases for the ESR would follow the Firefox six-week cycle.
Anybody can use the ESRs, but Mozilla doesn’t plan to go out of its way to advertise them to consumers. According to the proposal, “the ESR will not be marketed through Mozilla.com properties other than the Enterprise wiki page and/or staging servers.” Firefox 3.6, which is still seeing updates, would stop seeing updates 12 weeks after the introduction of the first ESR.
Risks and Caveats
Note that this applies only to Firefox on the desktop, so mobile users are not going to see any changes. Mozilla also warns that the ESR won’t get the same kind of widespread testing that its nightly and beta groups provide, since it would be a different channel.
Even though Mozilla will be issuing some security updates for the ESRs, it warns that ESRs will be “less secure” than the stock Firefox. New features that make Firefox more secure won’t be backported, and “only high-risk/impact security patches will be backported.”
The working group also notes that maintaining an ESR will “consume resources” that might impact the regular release of other products.
Grudging Support
One one hand, you have to give Mozilla credit for trying to address enterprise problems. However, it’s clear that Mozilla isn’t focused on the enterprise and it’s arguable that enterprise demands are a distraction. Mozilla is a project trying to meet the needs of hundreds of millions of “regular” users. Enterprises that want rigorous testing and long product life cycles typically have to pay for the privilege, even when you’re talking about open source software.
But the effort required to support enterprises or other large organizations that demand longer product lifecycles is disproportionate to the benefit that Mozilla will derive from offering the ESRs. Accordingly, the ESR looks like it’s a half-hearted attempt at addressing criticism rather than full-on attacking a problem as Mozilla does with mainstream Firefox.
I’m not saying that Mozilla won’t make a best-effort attempt to deliver what it’s promising with the ESRs. However, ESR releases would clearly be second-class citizens. Love or loathe Internet Explorer, enterprise users and consumers get the same product. That won’t be the case with Firefox ESRs.
Mozilla seems to be between a rock and a hard place here. Unlike Microsoft and Google, there’s little upside for Mozilla in engaging enterprises. There’s no set of enterprise products for Mozilla to sell to large and slow-moving organizations, but it faces added costs and development burden to be dealt with to keep enterprises happy. Ceding the enterprise desktop to Microsoft, however, weakens Mozilla elsewhere.
Perhaps Mozilla should consider a Red Hat-like model for its enterprise channels? Even a token subscription fee would at least demonstrate that organizations are serious about supporting Mozilla in exchange for addressing their specific needs. What do you think? Is the ESR proposal a reasonable solution, or should Mozilla be trying a different approach with this audience?