Author: John Morris
Date:  
To: dng
Subject: Re: [Dng] Plan for Devuan to use Mozilla products as is
On Wed, 2015-03-04 at 21:09 -0500, Jude Nelson wrote:
> > Besides issues related to Chromium's poor support for privacy features,
> > it also has no real security support.
>
> No comment on the privacy features, but I beg to differ on the security.
> The fact that the Linux build of Chromium runs each tab and plugin in its
> own seccomp'ed process and runs them all separately from a "kernel" process
> puts the browser worlds ahead of Firefox in terms of security. Excluding
> project Electrolysis (which I look forward to), the fact that Firefox runs
> every tab in the same process means that one bad tab can compromise the
> whole browser without too much effort. By contrast, Chromium's
> kernel/process-per-tab factoring has led to secure browser designs [1]
> where this class of exploit and others are provably impossible.


Methinks you missed the point. Forget the kewl tech and concentrate on
the people problem. Chromium/Chrome can't be secure on a Linux based on
Debian, period. Full stop, end of discussion. They do not support
anything but the current version and it quickly becomes unbuildable on a
stable Debian release because they freely import dependencies on every
new and shiny bit they see and expect it to be present in the very
latest version.

They don't even support RHEL 6, you have to grovel around on the
Internet for wildly unsupported and dubious procedures (involving
repackaging Fedora binary packages and shoving them down /opt and
LD_LIBRARY_PATH trickery) to keep Chrome running, I know because I'm
supporting fifty some odd workstations right now running CentOS 6 and
need more than one browser available. They didn't just drop support for
6 when RHEL 7/CentOS 7 shipped, no they dropped it over a year before
the beta for 7 even appeared. And that is the 'Enterprise' distro with
the big corporate accounts; Google doesn't give a crap. Moz didn't
either, but when enough large sites complained about the constant
version churn they at least delivered an LTS version.

They are far worse than Moz when it comes to treating Linux
(Android/Linux and Chrome/Linux excepted of course) as a red-headed
stepchild. If you want Chrome you run Windows, ChromeOS or a bleeding
edge Linux distro.