[Interest] Chromium build failure, SSL and Qt 5.6.3 vs 5.6.0,
thiago.macieira at intel.com
Tue Jul 31 17:13:12 CEST 2018
On Tuesday, 31 July 2018 05:48:29 PDT Allan Sandfeld Jensen wrote:
> On Dienstag, 31. Juli 2018 14:02:23 CEST Christian Gagneraud wrote:
> > On 31 July 2018 at 23:45, Allan Sandfeld Jensen <kde at carewolf.com> wrote:
> > > The question was: Do you want security fixes or not? The reason it was
> > > done is because we have upped our game on security fixes in webengine.
> > Can't you just backport security fixes, eg like Debian and OpenBSD do?
> Debian does not do that. They update ALL of chromium for every single
> update, even on the stable branch, because they don't have the manpower to
> backport security patches, and because backporting patches has severe
> limitations, especially for a full chromium browser as opposed to our
> subset of it. In fact no Linux distro does backports of security patches
> for Chromium, they have all given up.
You also have to remember there are lots of fixes that apply to security but
aren't marked "security patches" and have no CVE associated with them. This
applies to other big chunks of code too, like the Linux kernel.
If you want security, I recommend being on the latest latest. Not even the
latest LTS. But at least for some projects, there's an effort to keep good
LTSes that are secure (Linux, for example). Chromium doesn't.
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Interest