From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QpBuM-0005Sj-BR for garchives@archives.gentoo.org; Fri, 05 Aug 2011 04:21:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1AE0321C0EA; Fri, 5 Aug 2011 04:21:05 +0000 (UTC) Received: from mail-vw0-f53.google.com (mail-vw0-f53.google.com [209.85.212.53]) by pigeon.gentoo.org (Postfix) with ESMTP id 8132821C0B7 for ; Fri, 5 Aug 2011 04:20:06 +0000 (UTC) Received: by vws13 with SMTP id 13so2327309vws.40 for ; Thu, 04 Aug 2011 21:20:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Rjv1jEu0sFMIpeTwGyRvgmmzcHnK526c/G+dlVrdsE8=; b=pdFU8wGVW2je0ZfPHak765NfoubBPqvPqPur6uTiDLSjIQRvCSjiKawVrWYfVjUU/d OZhcml+uN8AIoeMsRCPrjuxB4uyw9dXZ6NIDqqOp11VHpTWsj1q95waSMtjB9Ve5b0cz TSFP0cae36dkPTkck3fog+cS8H0mNT1LCVeWQ= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.52.67.12 with SMTP id j12mr1751828vdt.213.1312518005969; Thu, 04 Aug 2011 21:20:05 -0700 (PDT) Received: by 10.52.183.228 with HTTP; Thu, 4 Aug 2011 21:20:05 -0700 (PDT) In-Reply-To: <4E3B6BF6.4090801@asyr.hopto.org> References: <4E3B6BF6.4090801@asyr.hopto.org> Date: Fri, 5 Aug 2011 00:20:05 -0400 Message-ID: Subject: Re: [gentoo-user] www-client/chromium From: Matthew Finkel To: gentoo-user@lists.gentoo.org Content-Type: multipart/alternative; boundary=20cf307f342681d43a04a9ba69d9 X-Archives-Salt: X-Archives-Hash: 29931580826bdb5007e8b692db07022e --20cf307f342681d43a04a9ba69d9 Content-Type: text/plain; charset=ISO-8859-1 On Fri, Aug 5, 2011 at 12:05 AM, Thanasis wrote: > I noticed that chromium's code has a lot of vulnerabilities. > https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Fchromium > I suppose this is why we see so often version upgrades of it (and it's > not a small app to build). > Why is its code so, should I say prone to bugs, compared to > other browsers? > > Firefox isn't perfect either https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Ffirefox&list_id=337885 I think you hit the nail on the head by saying that "it's not a small app to build". The more code that's written increases the the chances a security holes will be introduced into the application. And as an internet browser, they're also susceptible to many more vectors of attack than most other packages. For chromium specifically, I haven't looked at the CVEs but I suspect many are for webkit and not just Chromium. Just my 2c. --20cf307f342681d43a04a9ba69d9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Fri, Aug 5, 2011 at 12:05 AM, Thanasis <thanasis@asyr.ho= pto.org> wrote:
I noticed that chromium's code has a lot of vulnerabilities.
https://bugs.gentoo.org/buglist.cgi?quicksearch= =3Dwww-client%2Fchromium
I suppose this is why we see so often version upgrades of it (and it's<= br> not a small app to build).
Why is its code so, should I say prone to bugs, compared to
other browsers?


Firefox isn't perfect either=A0https://bugs.gentoo.org/buglist.cgi?quicksearch=3Dwww-client%2F= firefox&list_id=3D337885

I think you hit the nail on the head by saying that &qu= ot;it's not a small app to build". The more code that's writte= n increases the the chances a security holes will be introduced into the ap= plication.
And as an internet browser, they're also=A0susceptible=A0to many m= ore vectors of attack than most other packages. For chromium specifically, = I haven't looked at the CVEs but I suspect many are for webkit and not = just Chromium.

Just my 2c.
--20cf307f342681d43a04a9ba69d9--