You talk about RPM based ecosystems but also talk about caching up to SUSE which is a RPM based system and in any case, package formats don't affect the presence of package search web interfaces since all the major ones carry very similar metadata. So that's a bit confusing and it is unclear what you consider third party and why that matters. rpmfind.net has existed for ages and was originally maintained by a Red Hat employee IIRC and now is maintained by a Fedora contributor. If I am using the web interface, I prefer distro neutral sites like https://pkgs.org/ since I can compare across distros which is typically the only reason I am not using the package manager itself.

Im sorry but this comment is completely misinformed.

Firstly browsers are extremely complex by design, they are basically pseudo operating systems that run in a sandbox so of course they are going to contain bugs for the same reason normal operating systems contain bugs. Using your logic we can also claim that Linux is not doing their job properly because its also full of bugs.

Secondly, there is no way in hell that Debian package maintainers have enough knowledge that they can apply security backports for such software. Debian/Ubuntu has already broken packages in the past because they incorrectly apply upstream packages because they don't know what they are doing (which is not surprising since they aren't maintainers of the software).

In the end, if the release timeline/packaging process of a distro cannot work with how a certain upstream project handles things, thats a problem of the distro and not upstream. Newsflash, different upstream projects have different software processes and if your distro cannot handle different cases than its a primitive one that probably needs to have another look on how it does things.

You may as well just use Gentoo then if thats your attitude, if you cant trust package managers/binaries then just install everything from source.

My comment is not misinformed, it is well known which garbage became the modern browsers and therefore internet. Here the point is since browser are released always more faster it is basically impossible keep up after them, maintainers try to do their best and I will not complain against them. Distribution with schedule release cannot avoid package at least one browser otherwise people lesser tech savvy will not be able for instance to access to internet and download a safer browser. The issue with Debian is that it must surely define a better strategy to provide to its users a better and safe browsers improving their communication and method to access to those.

For instance the Wiki Firefox page is not really ideal and the security issues aren't mentioned at all:

https://wiki.debian.org/Firefox

You may as well just use Gentoo then if thats your attitude, if you cant trust package managers/binaries then just install everything from source.

Also outdated. Version in Debian Stable: 3.38, Version in Flathun: 41. Besides the fact that I don't want to know, how (in)compatible it is

... The reason why debian gets laughed at so much is the entire point release process that they use is inflexible and outdated and this is the precise issues it causes. ...

Is there an inherent risk by just downloading the non-ESR version from Mozilla and running it? I've been doing that since Bullseye released and am always up to date (another idiot here apparently).

ff.png

Since 20 years I use Linux now and in these years *nothing* has changed, we are still at distro wars. No wonder the outside world looks at us like they do.

I've been using a version from Mozilla's FTP servers since forever. That's what Windows and MacOS users use as well. I don't now how and why it could be considered "risky".

What makes you believe running an outdated version of the browser by your distro is less risky?