Process for providing security updates for chromium-browser

Mark Shuttleworth mark.shuttleworth at canonical.com
Wed Aug 18 14:09:16 BST 2010


On 18/08/10 13:38, Chris Coulson wrote:
> The issue with this process is that we are leaving users exposed to
> publicly disclosed vulnerabilities for 7 days. In addition to this,
> upstream are very keen on us being able to ship security updates in a
> more timely fashion.
>
> The process we use for updating Firefox and Thunderbird is different to
> this, in that we skip *-proposed (ie, we build in the security PPA and
> then copy the update to *-security after we've tested it). 
>
> I would like permission to use a similar process for Chromium too.

This is fine for me. Is upstream willing to pre-disclose fixes of
potential issues, so we can get a head start on testing?

> 2) The updates to the Chromium stable branch are purely for security
> fixes, with features only appearing in new major versions (every 6
> weeks). Mozilla tend to mix new features and other bug fixes into their
> regular security updates (eg, introducing out-of-process plugins into
> the 3.6.4 update, which was quite a major feature addition for a regular
> security update)

Chromium sounds better aligned to the way we like things, in this case.

Mark


