[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

Op 04-02-15 om 15:40 schreef Michael Gilbert:
> On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote:
>> I think it's a good idea to do a backport of the build-system after
>> freeze-time of testing. Then we know what the new build-environment is
>> for the coming release.
>> I can understand that Michael does not have the time and motivation for
>> such a backport, Chromium will take much time. But maybe others have.
> The backports team expects backporters to have demonstrated competence
> with the packages that they're planning to upload.  Anyone considering
> this should first get involved with the package maintenance teams
> first and help with a few unstable uploads.

I understand. Good thing. But maybe the normal packagers could think
about a backport. Or to help with it.

>> And there will be more packages with this problem, e.g. Iceweasel and
>> Icedove.
> There are unlikely to be any other packages facing the build
> environment problem during wheezy's lifetime, so it's quite likely not
> worth the effort.

In the past, Iceweasel and Icedove never had a year security support
after a new release. Maybe there where other reasons to stop the
support, but I think this should be seen as a problem/bug.
Not sure how other distro's are doing the security support of browsers.

> The reason being that very few packages are security maintained with
> new upstream versions anyway (iceweasel, mysql as examples), and
> chromium is the only one known to be willing to entirely break support
> so quickly.

Backports are most of the time maintained that way.

In my opinion Iceweasel, Chromium, etc, don't belong in "main", they
belong in "backports". Realize that backports is now enabled by default
in Jessie.

Thanks for your work on Chromium!

With regards,
Paul van der Vlis.

Paul van der Vlis Linux systeembeheer, Groningen

Reply to: