GNU bug report logs - #28004
Chromium

Previous Next

Full log

View this message in rfc822 format

From: ng0 <ng0 <at> infotropique.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 28004 <at> debbugs.gnu.org, Ludovic Courtès <ludo <at> gnu.org>, Marius Bakke <mbakke <at> fastmail.com>, ng0 <ng0 <at> infotropique.org>
Subject: [bug#28004] Chromium
Date: Thu, 12 Oct 2017 20:28:18 +0000

[Message part 1 (text/plain, inline)]

Leo Famulari transcribed 2.9K bytes:
> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> > ng0 <ng0 <at> infotropique.org> skribis:
> > > could this patch be merged into master now?
> > 
> > Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> > enhancements were not in ‘master’ yet.)
> > 
> > For the security aspect though, given that it’s a fairly critical
> > component, I’d like to have Leo’s opinion.  Thoughts?
> 
> Any questions in particular?
> 
> For me, the primary question is maintenance.
> 
> As Marius pointed out when sending the patch, major version upgrades may
> be difficult, and timely delivery of security updates cannot be
> guaranteed. But these caveats apply to every package. [0] They aren't a
> reason to exclude Chromium from Guix.
> 
> Now, if we add the Chromium package and then let if fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
> 
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
> 
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.
> 
> There was a new release last month, 61.0.3163. I'd like to try updating
> to it this weekend if I have the disk (does anyone know how much is
> required) and computing power. Then we can push :)

Around 8 GiB for a full build as far as I know, that is when you include
debbuging symbols. So it's less than 8 GiB.

> [0] Users who really need to rely on the security of Chromium or Chrome
> should use the "official" installation from the Chromium or Google
> teams, and turn on auto-updates. Every update can be expected to fix
> critical bugs.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.