[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: please add a chromium-source binary package

On Mon, Oct 15, 2018 at 11:00:24AM -0700, Jonathan Nieder wrote:
> Hi,
> 
> Emilio Pozuelo Monfort wrote:
> >>>> Michael Gilbert wrote:
> 
> >>>>> Major updates to chromium in stable have so far been contingent on it
> >>>>> being a leaf package, where there is no chance for it to break
> >>>>> anything else.  Adding CEF as a reverse dependency would change that.
> 
> ^^
> 
> > On 15/10/2018 19:19, Steinar H. Gunderson wrote:
> >> On Mon, Jul 02, 2018 at 12:29:15PM +0200, Steinar H. Gunderson wrote:
> 
> >>> Release team, for the short recap: Would it be acceptable to have chromium
> >>> provide a chromium-source binary package, and then package CEF (Chromium
> >>> Embedded Framework) Build-Depending on that package, and then have other
> >>> packages depend on CEF? CEF aims to provide a stable API/ABI on top of
> >>> Chromium for other software to use, but needs updating whenever Chromium
> >>> releases a new major version. See #893448 for some more details.
> >>
> >> Ping :-) Release team, do you want to weigh in? If nothing else, perhaps we
> >> could add a CEF package in unstable only (ie., with a testing blocker bug)
> >> for the time being.
> >>
> >> FWIW, I've updated my CEF packages to CEF/Chromium 69; all that was required was
> >> to patch out installation of Swiftshader (since Debian's packages now disable it).
> >
> > I'm not sure we (RT) need to make any decision here.
> >
> > Adding a chromium-src for other packages to build against is not special in any
> > way, we don't approve this for other packages.
> 
> However, you do have some say in whether a package is able to have
> non-trivial updates in stable.  Can we infer from your reply that
> you're still okay with this for Chromium even if CEF relies on it,
> provided security team is okay with it?
> 
> > As for the security support concerns, that's up to the security team.
> 
> Therefore cc-ing security team.

Ultimately this is up for Michael to decide, as he's dealing with Chromium
updates single-handedly.

Personally I have no reservations against this entering unstable, but this doesn't sound
like something that should enter a stable release. If the Chrome development team with
it's hundreds of full time developers can't/wont commit to a stable interface for these
kinds of extensions, why should we kludge around this with our sparse resources?

This is rather that kind of wacky not-really-suitable-for-stable-but-still-kinda-nice stuff
we should have PPAs for.

Cheers,
        Moritz
Reply to: