On Sat, Mar 07, 2015 at 02:19:43PM -0600, T.J. Duchene wrote:
>
>
> >> https://lists.debian.org/debian-security-announce/2015/msg00031.html
>
> >I think ^THIS is probably the biggest reason not to use Chromium.
>
> >Never mind whether it's affiliated with Google or whether that makes it
> untrustworthy.
> >If you can't keep it updated for the full lifetime of the release, it could
> be written by the most trustworthy vendor on Earth and it still wouldn't
> qualify for a good default.
>
> Hi, Isaac!
>
> That seems very strange to me. I see no reason why they cannot backport
> patches to the Wheezy version of Chromium. Debian has been doing that since
> day one on other packages. Any upstream project could change the build
> environment could happen to any project, at any time.
>
> Debian has never demanded that an upstream project stay the same for their
> convenience before now. The fact that Debian chose to stop building updates
> for that reason shows a lack of commitment to Wheezy. Unless there is
> something I don't know about - It's not that they can't use or generate a
> patch. They simply won't.
>
> t.j.
Iceweasel and Chromium are both updated to the upstream-supported version
periodically (when the current version is no longer supported).
The amount of churn between versions and the number of versions means that
it would be very difficult to backport patches.
HTH,
Isaac Dunham