On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> ng0 wrote:
> > could this patch be merged into master now?
>
> Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> enhancements were not in ‘master’ yet.)
>
> For the security aspect though, given that it’s a fairly critical
> component, I’d like to have Leo’s opinion. Thoughts?

Any questions in particular?

For me, the primary question is maintenance. As Marius pointed out when sending the patch, major version upgrades may be difficult, and timely delivery of security updates cannot be guaranteed.

But these caveats apply to every package. [0] They aren't a reason to exclude Chromium from Guix.

Now, if we add the Chromium package and then let it fall behind for weeks or months, that will be a problem, and we will need to remove it. It's relatively easy to remove packages of end-user applications, since it's rare that other packages depend on them.

As always, I'm willing to help with security updates as much as my volunteer schedule allows.

The other issue will be bugs caused by the use of non-bundled libraries. Presumably, important bugs are fixed in the bundled libraries before they are released by the upstream library (if ever). But again, this is an issue with all of our packages. We will address these issues when we find them.

There was a new release last month, 61.0.3163. I'd like to try updating to it this weekend if I have the disk (does anyone know how much is required?) and computing power. Then we can push :)

[0] Users who really need to rely on the security of Chromium or Chrome should use the "official" installation from the Chromium or Google teams, and turn on auto-updates. Every update can be expected to fix critical bugs.