
Re: chromium: Update to version 94.0.4606.61 (security-fixes)



On Mon, 14 Feb 2022 at 01:06:11 +0900, Roger Shimizu wrote:
> I also tried v98 based tree, and the result is the same, same build error as above.
> My conclusion is that buster cannot get chromium major version
> updated easily (except flatpak way, of course).

buster's version of flatpak does not have features that Chromium needs,
so running Chromium as a Flatpak app on buster requires an updated flatpak
from buster-backports. If the security and release teams want this to
be possible, the only way that I think is realistic would be to take
the bullseye version of flatpak, as backported into buster-backports,
and copy it into buster via -proposed-updates or -security; that seems
like it will be lower-risk than backporting arbitrary subsets of flatpak
1.10.x into (our fork of) flatpak 1.2.x.

Chromium as a Flatpak app also requires access to unprivileged creation
of user namespaces, which buster kernels don't allow by default. The
bullseye version of bubblewrap enables this as part of the transition
path to bullseye, but the buster-backports version does not.

I could easily make the buster-backports version of bubblewrap enable
unprivileged creation of user namespaces, but that doesn't seem like a
"least astonishment" change for oldstable, so I'm not going to do that
unless the security/stable-release teams ask me to.

If we aren't willing to backport this sort of thing, which we have
not historically been, then "don't use oldstable for desktop machines"
seems like the only proportionate response - sorry, Flatpak can do a lot
to facilitate app updates, but it isn't magic.

    smcv

