Date: Fri, 5 Aug 2011 09:34:14 +0200
Message-ID: <CAMix8LGAWM+is+MMjE0sc7ruQikAzAD+kiVixXpefMM_VBToiw@mail.gmail.com>
Subject: Re: [gentoo-user] www-client/chromium
From: Jesús J. Guerrero Botella <jesus.guerrero.botella@gmail.com>
To: gentoo-user@lists.gentoo.org

2011/8/5 Matthew Finkel <matthew.finkel@gmail.com>:
> On Fri, Aug 5, 2011 at 12:05 AM, Thanasis <thanasis@asyr.hopto.org> wrote:
>>
>> I noticed that chromium's code has a lot of vulnerabilities.
>> https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Fchromium
>> I suppose this is why we see so often version upgrades of it (and it's
>> not a small app to build).
>> Why is its code so, should I say, prone to bugs, compared to
>> other browsers?
>>
>
> Firefox isn't perfect either:
> https://bugs.gentoo.org/buglist.cgi?quicksearch=www-client%2Ffirefox&list_id=337885
> I think you hit the nail on the head by saying that "it's not a small
> app to build". The more code that's written increases the chances
> security holes will be introduced into the application.

I don't think so. It's not the raw number of source code lines which
makes it more prone to bugs. I think that a closer and more realistic
number would be the number of lines divided by the number of full-time
developers, and don't forget to put in the middle of that formula how
skilled they are. Taking that into account, chromium has a good base
since few teams on the planet will have the quantity and quality of
manpower that Google has to devote to this project.

> And as an internet browser, they're also susceptible to many more
> vectors of attack than most other packages. For chromium specifically,
> I haven't looked at the CVEs but I suspect many are for webkit and not
> just Chromium.
> Just my 2c.

The webkit branch in chromium is not the same one that you can find in
any other webkit-based project. They just have a common origin, but
they are maintained separately and it is my understanding that they
have diverged enough to be considered as separate things.

-- 
Jesús Guerrero Botella