On Sun, May 27, 2018 at 3:36 AM, Steinar H. Gunderson wrote: > On Sat, May 26, 2018 at 11:28:29PM -0400, Michael Gilbert wrote: >> Are you intending CEF to make it into a stable release? > > Yes. > >> Since chromium's source is updated every few weeks for security updates, >> won't CEF need to be updated just as often? > > Yes. CEF generally follows Chromium fairly closely (support for a Chromium > branch begins when it enters the beta channel, and ends when it exits the > stable channel). > >> If so, I'm not sure that will be supportable over the lifetime of a stable >> release. > > It's an open question to what degree we can give it security support, indeed. > The intention is for this to go through binNMUs for minor Chromium versions; > you'd have to actually upgrade CEF when major version bumps happen, which > means CEF security support would probably lag a week or two behind Chromium > security support in such cases.
I am more concerned about major version updates. I anticipate nearly each one will cause CEF to fail to build from source, causing new RC bugs often in the stable release. Major updates to chromium in stable have so far been contingent on it being a leaf package, where there is no chance for it to break anything else. Adding CEF as a reverse dependency would change that. This is more of a question for the release team, it would need their approval. Best wishes, Mike
