** Description changed: This is a request to include the new Oxide engine into main. Oxide is required in particular by webapp-container to run the web applications into a secure and supported runtime. 1. ''Availability:'' in universe 2. ''Rationale:'' package required for a maintainable, secure, performant webcontent rendering library. Will be used by webbrowser-app, webapp-container, UbuntuWebView (QML) and by apps directly 3. ''Security:'' this is the Chromium Content API wrapped with bindings for Ubuntu. The Chromium Content API contains Blink, V8, etc and is subject to many new security vulnerabilities. The Oxide bindings are written in such a way that we are able to pull new upstream Chromium Content API versions without changing the Oxide API, offering us the ability to track upstream Chromium for security fixes. 4. ''Quality assurance:'' * No configuration is required * No debconf questions are present * Canonical is the upstream and will fix Oxide's bugs * Oxide is not included in other distros * Oxide ships a comprehensive test suite for its API and it is enabled in the build. The underlying chromium content api also has tests, but engineering effort is required to enable them. This work is planned. * Ubuntu Security team will track upstream Chromium versions and pull them into oxide. * The CI team is creating daily build/commit build PPAs for Oxide 5. ''UI standards:'' N/A 6. ''Dependencies:'' * Depends and Build-Depends all in main 7. ''Standards compliance:'' TODO 8. ''Maintenance:'' package will require significant maintenance. This will be shared by the Canonical Apps, Web browser and Security teams * subscription setup for all bugs for the oxide-developers team 9. ''Background information:'' - * TODO: The package descriptions should explain the general purpose and context of the package. Additional explanations/justifications should be done in the MIR report. + * Oxide will be using for webbrowser-app, webapp-container, UbuntuWebView and may be used directly by QML applications. It is the method the security team will use to provide updates to stable releases and images - Security checks: TODO - - More information: - http://www.chriscoulson.me.uk/blog/?p=196 - https://lists.launchpad.net/oxide/msg00003.html + Security checks: I performed a very brief security check and there were no surprises. The security team is familiar with chromium-browser and its security techniquies. We also spearheaded the solution of using chromium content api to supply an up to date browser experience with timely security updates. We believe this is the best method out of all of the different possibilities. For more information: + * http://www.chriscoulson.me.uk/blog/?p=196 + * http://www.chriscoulson.me.uk/blog/?p=242 + * http://www.chriscoulson.me.uk/blog/?p=251 + * https://lists.launchpad.net/oxide/msg00003.html
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1293681 Title: [MIR] oxide To manage notifications about this bug go to: https://bugs.launchpad.net/oxide/+bug/1293681/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
