On Friday, 23 September 2016 04:11:33 UTC+10, se...@redhat.com wrote: > On Thursday, September 22, 2016 at 3:57:01 AM UTC-4, dlme...@gmail.com wrote: > > On Monday, 15 August 2016 20:43:18 UTC+10, pixel fairy wrote: > > > On Sunday, August 14, 2016 at 3:22:30 PM UTC-7, Alex wrote: > > > ... > > > > 1. Install the Chromium browser in your appvm template - skip if you > > > > were already using it. Shut down the template VM. > > > > > > I keep wondering how safe chromium browser is. do redhat or debian track > > > updates in time with google-chrome? > > > > > > Chromium in the supported Fedora template for Qubes (FC23) contains High > > severity security bugs: > > > > FC23 = 52.0.2743.116-10.fc23. > > FC24 = 53.0.2785.113-1.fc24. > > > > See: https://apps.fedoraproject.org/packages/chromium (for builds) > > > > Numerous security vulnerabilities, including High severity CVE's here: > > https://googlechromereleases.blogspot.com.au/2016/09/stable-channel-update-for-desktop_13.html > > > > Newer RPMs available here, but haven't been tagged to either updates or > > updates-testing for FC23: > > > > http://koji.fedoraproject.org/koji/buildinfo?buildID=802754 > > > So what you're saying is we should move to Fedora 24.
Sure. However, FC23 is still listed as a supported release: https://fedoraproject.org/wiki/Releases#Current_Supported_Releases. Maybe only "Critical" security fixes would make it to FC23 though, not "High" (https://www.chromium.org/developers/severity-guidelines), but people likely assume otherwise. Note also that Chromium is not listed as a Critical Path package, unlike Firefox. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6be8b0f0-1330-4e9c-b5a0-03fa3b9befd9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
