Frankly their security process is inferior to Debian and I wouldn’t import anything from that distro.
Yes though Debian Testing
Please elaborate.
Still Debian testing
?
Their infrastructure was hacked and had a link to backdoored versions - while that won't affect end-to-end signed packages, it doesn't inspire confidence. Also, they do not have a security team, nor do they assign CVEs to affected software like Debian does. They also don't have the resources to implement reproducibly built packages like Debian does, so any Mint-specific packages will be a risk in the future.
https://www.techrepublic.com/article/why-the-linux-mint-hack-is-an-indicator-of-a-larger-problem/
They used to have a frankenDebian thing going on, but it changed in recent versions. However, they are way behind on releasing versions that track Debian stable. For example, LMDE 4 was only just released a few months ago this year. Depending on anything from LMDE means running something compatible with old-stable for a very long time, which might introduce dependency hell.
That’s not the only CVE being exploited in the wild it’s affected by.
https://security-tracker.debian.org/tracker/CVE-2020-16013
https://security-tracker.debian.org/tracker/CVE-2020-16017
Likely many more.
What about chromium sourced from snap store?
Related:
They do little oversight of package safety/maintenance. A hidden cryptocurrency miner was slipped through in uploads. Major apps lacked updates for a long time. Server components of the snap packaging system remain closed, which gives Canonical control over the tech. Avoiding the support and proliferation of their lock-in format is a good move IMO.
Also Ubuntu anything has the tendency to be half baked abandonware once Canonical grows bored with it after they fail to monetize it.
Good points. Quoted in the dedicated snap forum thread: Snap Store / snaps / snapd / snapcraft.io - a new software source? - #6 by Patrick. Please redirect further discussion on snap there. Leave a link here if relevant.
Would also appreciate an opinion on flathub in https://forums.whonix.org/t/flathub-as-a-source-of-software/10706 as this might also turn out as suitable software source for Firefox and/or Chromium.
Chromium version comparison:

snapstore: latest/stable 87.0.4280.88, 3 December 2020
vs flathub: December 4, 2020, Version 87.0.4280.88

I cannot find any version number for Chrome, Chromium, but I guess it's the same as Chrome OS as published on the google blog. Shows the same version number.

In conclusion, both snapstore and flathub are up to date.
There's no stable Chromium version, there's a daily release. Chrome however does have stable point releases as noted on wiki: 87.0.4280
Debian removes Chromium from the next release:
ungoogled-chromium from flathub: December 15, 2020, Version 87.0.4280.88 (Eloston and community; The Chromium Authors)

Therefore no longer considering ungoogled-chromium from flathub.
Quote chromium - Debian Package Tracker
[2020-12-13] chromium REMOVED from testing (Debian testing watch)
Quote
Previous version: 83.0.4103.116-3.1
Current version: (not in testing)
Hint: https://release.debian.org/britney/hints/elbrus
# 20201212
Bug #973848: chromium: Unsupported version, many security bugs unfixed
Bug #960454: chromium: Make Chromium ask before downloading and enabling DRM
Bug #972134: chromium: please, consider moving the package to team-maintainance to properly maintain it
Bug #977103: chromium: FTBFS on armhf: error: write to reserved register ‘R7’
Bug #976292: design-desktop-web: drop chromium as Depends
- Migration status for chromium (- to 83.0.4103.116-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression
Quote Testing Excuses for chromium -- Debian Quality Assurance
Excuse for chromium
- Migration status for chromium (- to 83.0.4103.116-3.1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating chromium introduces new bugs: #972134, #973848, #977103
- Additional info:
- Piuparts tested OK - Status of source package chromium in sid
- autopkgtest for libreoffice/blacklisted: arm64: Ignored failure, ppc64el: Ignored failure
- 96 days old (needed 5 days)
Excuses generated Sun Dec 20 10:08:21 2020
There is still recent development activity in some of these bugs. Therefore chromium might re-enter Debian testing.
Succeeded running Chromium from Flathub in Kicksecure. Documented here:

(Documented in Whonix wiki for Whonix since kicksecure.com wiki is not yet ready.)
Related: https://forums.whonix.org/t/flathub-as-a-source-of-software/10706
Not sure who's going to solve that while it's still very outdated even in sid.
Chromium security issues caused by outdated packages in Debian with security issues exploited in the wild are resolved for now.

Debian uploaded the same version 87.0.4280.88-0.4~deb10u1 to Debian buster on 2021-01-01. References:
It's good that they pushed the sid version to buster, but this doesn't mean this issue won't happen in the future, and this isn't a permanent, guaranteed solution that we can rely on. (The package is still being removed in the next Debian version, bullseye.)

The question remains how long Debian will take to upgrade chromium 87 to 8x, or whether it will ever move or upgrade from this version to another one.
Yes, situation has to be monitored.
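Monitoring that lag can be scripted. The following is an added example, not code from the thread or from Debian: it re-implements dpkg's version ordering (epoch, upstream part, Debian revision, with `~` sorting before everything, including the end of the string) so that a Debian package version can be compared against the plain upstream Chromium release that snap and flathub publish. The version strings used are the ones quoted earlier in the thread (83.0.4103.116-3.1, 87.0.4280.88-0.4~deb10u1, 87.0.4280.88); they are embedded as constants, not fetched live. On a Debian host, `dpkg --compare-versions` is the authoritative reference for the same ordering.

```python
"""Compare Debian package versions against upstream Chromium releases.

Re-implements dpkg's version ordering so the check can run on any host.
Version strings below are taken from the forum thread, not queried live.
"""


def _order(c: str) -> int:
    """Weight of one non-digit character in dpkg's ordering.

    '~' sorts before the end of the string, which sorts before letters,
    which sort before every other character.
    """
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """dpkg's verrevcmp(): alternate non-digit and digit runs."""
    i = j = 0

    def ch(s: str, k: int) -> str:
        return s[k] if k < len(s) else ""

    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character with _order.
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, remember the first differing
        # digit, and treat the longer run as the larger number.
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if ch(a, i).isdigit():
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version: str):
    """Split [epoch:]upstream[-revision] the way dpkg does."""
    epoch, rest = 0, version
    if ":" in rest:
        epoch_str, rest = rest.split(":", 1)
        epoch = int(epoch_str)
    if "-" in rest:
        upstream, revision = rest.rsplit("-", 1)
    else:
        upstream, revision = rest, ""
    return epoch, upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """Return <0, 0 or >0 as a is older than, equal to or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def chromium_lag(debian_version: str, upstream_release: str) -> str:
    """Classify a Debian chromium package against an upstream release.

    Only the upstream part of the Debian version is compared: the Debian
    revision (e.g. '-0.4~deb10u1') says nothing about which Google
    security fixes are included.
    """
    _, upstream, _ = split_version(debian_version)
    c = _verrevcmp(upstream, upstream_release)
    return "behind" if c < 0 else "same" if c == 0 else "ahead"


if __name__ == "__main__":
    flathub = "87.0.4280.88"  # flathub/snap release quoted in the thread
    for deb in ("83.0.4103.116-3.1", "87.0.4280.88-0.4~deb10u1"):
        print(f"{deb:26} vs {flathub}: {chromium_lag(deb, flathub)}")
    # The '~deb10u1' backport revision sorts below a plain '-0.4'.
    print(dpkg_compare("87.0.4280.88-0.4~deb10u1", "87.0.4280.88-0.4") < 0)
```

`chromium_lag` deliberately ignores the Debian revision; a stable-security upload that keeps the same upstream version but bumps the revision does not pull in any new Chromium fixes, which is exactly the situation the thread is worried about.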
Does the chromium flatpak package have any issues which the chromium Debian package has mentioned in Chromium Debian Package Security?