I keep wondering how safe chromium browser is. do redhat or debian track updates in time with google-chrome?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-08-14 15:22, IX4 Svs wrote:
> Just spent a few minutes to figure this out so I thought I'd share.
>
Thanks, Alex! Would you mind if we added this to the docs at some point?
Is F-Droid's Silence any better than Signal given it can run without Google Play Store?
where would you get one? you mean chromiumos?
> Added:
>
> https://www.qubes-os.org/doc/signal/
>
> Thanks!
just to clarify, this method will soon stop working because chrome apps are being killed, only chromeos (and probably chromiumos) will be able to run it.
there isn't yet a viable qubes-os chrome desktop. cr os linux, linked above, is not chrome os, its just the chrome browser on the cinnamon desktop. so, unless its hacked to run chromeos apps, that wont work either.
it is possible to build your own, or download an unofficial build of chromeos.
whispersystems might make another desktop app that does not depend on chrome. or someone can take the source and make one.
> just to clarify, this method will soon stop working because chrome apps are being killed, only chromeos (and probably chromiumos) will be able to run it.
this might fix that. https://github.com/koush/electron-chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Added:On 2016-08-15 14:43, IX4 Svs wrote:
> On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong <a...@qubes-os.org>
> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>>
>> On 2016-08-14 15:22, IX4 Svs wrote:
>>> Just spent a few minutes to figure this out so I thought I'd share.
>>>
>>
>> Thanks, Alex! Would you mind if we added this to the docs at some point?
>>
>>
> Not at all - especially if you improve my clumsy way of creating the custom
> shortcut (steps 7-12) and use the proper Qubes way that Nicklaus linked
> to.
>
> Cheers,
>
> Alex
>
https://www.qubes-os.org/doc/signal/
> A worked example that replaces all but the first step of the " Creating a
> Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/ would be
> very much welcome.
>
Agreed.
Chromium in the supported Fedora template for Qubes (FC23) contains High severity security bugs:
FC23 = 52.0.2743.116-10.fc23.
FC24 = 53.0.2785.113-1.fc24.
See: https://apps.fedoraproject.org/packages/chromium (for builds)
Numerous security vulnerabilities, including High severity CVE's here:
https://googlechromereleases.blogspot.com.au/2016/09/stable-channel-update-for-desktop_13.html
Newer RPMs available here, but haven't been tagged to either updates or updates-testing for FC23:
So what you're saying is we should move to Fedora 24.
Sure. However, FC23 is still listed as a supported release: https://fedoraproject.org/wiki/Releases#Current_Supported_Releases. Maybe only "Critical" security fixes would make it to FC23 though, not "High" (https://www.chromium.org/developers/severity-guidelines), but people likely assume otherwise. Note also that Chromium is not listed as a Critical Path package, unlike Firefox.
Qubes 3.1 doesn't have an fc24 template.
Qubes 3.2 won't be released with fc23 because it's too late in testing, but will (does currently for the RC) have an fc24 template available.
It looks like chromium-53.0.2785.116-1.fc23 should now be in 'updates-testing' repo (since 2016-09-21 17:43:43Z), but it hasn't propagated far.
Out of 6 mirrors in Australia, only one here even had the previous 53.0.2785.113-1.fc23.x86_64, in 'updates-testing', which is now ~8 days old.
YMMV, but looks like Fedora needs to drop some consistently slow mirrors: https://admin.fedoraproject.org/mirrormanager/propgation
Also, if fc23 users want Chromium, it needs package testers. https://fedoraproject.org/wiki/QA:Updates_Testing.