zlacker

[parent] [thread] 8 comments
1. gsnedd+(OP)[view] [source] 2022-06-22 14:13:26
> Look at Debian's struggles with maintaining security fixes for Chromium.

I can't see anything about this anywhere giving any reasons; is it simply that they're released frequently and there aren't really any long-lived branches?

replies(1): >>gspr+63
2. gspr+63[view] [source] 2022-06-22 14:26:31
>>gsnedd+(OP)
My understanding is that the Chromium folks handle security issues with: "version x.y.z is vulnerable, please update to (x+7).(y+25).(z+2), as it is the only supported version – the fact that the diff from x.y.z is 100 kLOC and touches mostly completely unrelated things is your problem".

This isn't sustainable open source development in any practical sense. Sure, it's technically open source, but nearly useless for anything but consumption straight from Google. I'd say that that makes it practically not open source.

replies(1): >>encryp+Gi
◧◩
3. encryp+Gi[view] [source] [discussion] 2022-06-22 15:32:45
>>gspr+63
Arch has been handling minor releases on Chromium just fine. If Debian is having issues, it is most likely with them trying to backport fixes into antiquated code bases.
replies(2): >>gspr+Jv1 >>GekkeP+fF1
◧◩◪
4. gspr+Jv1[view] [source] [discussion] 2022-06-22 21:22:15
>>encryp+Gi
If a year old is considered antiquated, we have some major problems in this world.

And it's kinda my whole point: code that can only be consumed wholesale as shipped might technically be open source, but if backporting fixes to a year old version is nigh on impossible, is it truly open source in practice?

replies(1): >>encryp+WF1
◧◩◪
5. GekkeP+fF1[view] [source] [discussion] 2022-06-22 22:24:23
>>encryp+Gi
But arch is a rolling distro.

Debian has a release model for a reason and it's their raison d'etre. Of course they don't want to compromise that.

Considering the amount of other distros that use them as a base they're providing something that people want.

◧◩◪◨
6. encryp+WF1[view] [source] [discussion] 2022-06-22 22:28:18
>>gspr+Jv1
Yes it is. That is like saying because it doesn't run on an Atari that it isn't truly open source.
replies(1): >>gspr+jt2
◧◩◪◨⬒
7. gspr+jt2[view] [source] [discussion] 2022-06-23 06:14:18
>>encryp+WF1
No it's not. The Atari isn't one year old. Come on man, from your logic you might as well say that a one year old car should be fed hay since it's practically a horse.
replies(1): >>encryp+QC3
◧◩◪◨⬒⬓
8. encryp+QC3[view] [source] [discussion] 2022-06-23 15:08:00
>>gspr+jt2
Debian stable is using components often several years old, not just a year.
replies(1): >>spacem+C36
◧◩◪◨⬒⬓⬔
9. spacem+C36[view] [source] [discussion] 2022-06-24 09:32:50
>>encryp+QC3
Some parts of the system evolve faster than others. I am glad for Debian's relatively conservative policy for all my servers, but I want an evergreen browser on my desktop.
[go to top]