Re: please add a chromium-source binary package

To: Jonathan Nieder <jrnieder@gmail.com>, Emilio Pozuelo Monfort <pochu@debian.org>, 893448@bugs.debian.org, Michael Gilbert <mgilbert@debian.org>, debian-release@lists.debian.org, security@debian.org
Subject: Re: please add a chromium-source binary package
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 15 Oct 2018 23:00:23 +0200
Message-id: <[🔎] 20181015210023.GA9300@pisco.westfalen.local>
In-reply-to: <[🔎] 20181015204125.nymdemhxiax7syx4@sesse.net>
References: <E1exgxW-000AZB-1M@pannekake.samfundet.no> <20180603221721.52qf7fd6qhr3uzy5@sesse.net> <E1exgxW-000AZB-1M@pannekake.samfundet.no> <20180702102915.kdafc5wz2bbzsqlg@sesse.net> <[🔎] 20181015171924.rwz4j6qa4c4smpld@sesse.net> <E1exgxW-000AZB-1M@pannekake.samfundet.no> <[🔎] 1781d37d-820d-87b1-5bef-494db66f2854@debian.org> <[🔎] 20181015180024.GA20681@aiede.svl.corp.google.com> <[🔎] 20181015203311.24smb4asqjpfityb@inutil.org> <[🔎] 20181015204125.nymdemhxiax7syx4@sesse.net>

On Mon, Oct 15, 2018 at 10:41:25PM +0200, Steinar H. Gunderson wrote:
> On Mon, Oct 15, 2018 at 10:33:11PM +0200, Moritz Muehlenhoff wrote:
> > Ultimately this is up for Michael to decide, as he's dealing with Chromium
> > updates single-handedly.
> 
> Agreed.
> 
> > Personally I have no reservations against this entering unstable, but this doesn't sound
> > like something that should enter a stable release. If the Chrome development team with
> > it's hundreds of full time developers can't/wont commit to a stable interface for these
> > kinds of extensions, why should we kludge around this with our sparse resources?
> 
> I guess the answer is because software wants it. :-)
> 
> CEF exists precisely to be an API-stable interface for this; it's unfortunate
> that Chrome doesn't care enough, but CEF is meant to be that layer, and seems
> to be doing pretty well (judging by the amount of software that uses it).

But our current infrastructure for security.debian.org doesn't scale for this
kind of API whack-a-mole. Any update to unbreak CEF after Chromium major releases
would need to go through the security team and sucks up our time which is more
usefully spend elsewhere.

Realistically, to make this would we'd need $SOMEONE to implement #817285, if
that were in place we could simply push an ACL change and enable you take care
of CEF updates in buster-security on your own.

Cheers,
        Moritz

Reply to:

References:
- Re: Bug#893448: please add a chromium-source binary package
  - From: "Steinar H. Gunderson" <sesse@debian.org>
- Re: Bug#893448: please add a chromium-source binary package
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: please add a chromium-source binary package
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Re: please add a chromium-source binary package
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Re: please add a chromium-source binary package
  - From: "Steinar H. Gunderson" <sesse@debian.org>

Prev by Date: Re: stretch-pu: package gnupg2/2.1.18-8~deb9u3
Next by Date: Processed: Re: Bug#908345: transition: ldc / phobos 81
Previous by thread: Re: please add a chromium-source binary package
Next by thread: Bug#911101: nmu: kannel-sqlbox_0.7.2-5
Index(es):
- Date
- Thread