Leo Famulari transcribed 2.9K bytes:
> On Wed, Oct 11, 2017 at 09:52:46PM +0200, Ludovic Courtès wrote:
> > ng0 skribis:
> > > could this patch be merged into master now?
> >
> > Probably (I think at the time Marius submitted it the ‘ld’ wrapper
> > enhancements were not in ‘master’ yet.)
> >
> > For the security aspect though, given that it’s a fairly critical
> > component, I’d like to have Leo’s opinion. Thoughts?
>
> Any questions in particular?
>
> For me, the primary question is maintenance.
>
> As Marius pointed out when sending the patch, major version upgrades may
> be difficult, and timely delivery of security updates cannot be
> guaranteed. But these caveats apply to every package. [0] They aren't a
> reason to exclude Chromium from Guix.
>
> Now, if we add the Chromium package and then let it fall behind for
> weeks or months, that will be a problem, and we will need to remove it.
> It's relatively easy to remove packages of end-user applications, since
> it's rare that other packages depend on them.
>
> As always, I'm willing to help with security updates as much as my
> volunteer schedule allows.
>
> The other issue will be bugs caused by the use of non-bundled libraries.
> Presumably, important bugs are fixed in the bundled libraries before
> they are released by the upstream library (if ever). But again, this is
> an issue with all of our packages. We will address these issues when we
> find them.
>
> There was a new release last month, 61.0.3163. I'd like to try updating
> to it this weekend if I have the disk (does anyone know how much is
> required) and computing power. Then we can push :)

Around 8 GiB for a full build as far as I know, that is when you include
debugging symbols. So it's less than 8 GiB.

> [0] Users who really need to rely on the security of Chromium or Chrome
> should use the "official" installation from the Chromium or Google
> teams, and turn on auto-updates. Every update can be expected to fix
> critical bugs.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org