Gentoo Archives: gentoo-user

From: "Jesús J. Guerrero Botella" <jesus.guerrero.botella@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] www-client/chromium
Date: Fri, 05 Aug 2011 07:35:22
Message-Id: CAMix8LGAWM+is+MMjE0sc7ruQikAzAD+kiVixXpefMM_VBToiw@mail.gmail.com
In Reply to: Re: [gentoo-user] www-client/chromium by Matthew Finkel
2011/8/5 Matthew Finkel <matthew.finkel@×××××.com>:
> On Fri, Aug 5, 2011 at 12:05 AM, Thanasis <thanasis@××××××××××.org> wrote:
>>
>> I noticed that chromium's code has a lot of vulnerabilities.
>> https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Fchromium
>> I suppose this is why we see so often version upgrades of it (and it's
>> not a small app to build).
>> Why is its code so, should I say, prone to bugs, compared to
>> other browsers?
>>
>
> Firefox isn't perfect
> either https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Ffirefox&list_id=337885
> I think you hit the nail on the head by saying that "it's not a small app to
> build". The more code that's written increases the chances a security
> hole will be introduced into the application.

I don't think so. It's not the raw number of source code lines which
makes it more prone to bugs. I think that a closer and more realistic
number would be the number of lines divided by the number of full-time
developers, and don't forget to put in the middle of that formula how
skilled they are. Taking that into account, chromium has a good base
since few teams on the planet will have the quantity and quality of
manpower that Google has to devote to this project.

> And as an internet browser, they're also susceptible to many more vectors of
> attack than most other packages. For chromium specifically, I haven't looked
> at the CVEs but I suspect many are for webkit and not just Chromium.
> Just my 2c.

The webkit branch in chromium is not the same one that you can find in
any other webkit-based project. They just have a common origin, but
they are maintained separately and it is my understanding that they
have diverged enough to be considered as separate things.

--
Jesús Guerrero Botella
