[Nix-dev] Chromium: Unpatched CVEs or Missing Features?

Graham Christensen graham at grahamc.com
Sun Nov 6 13:46:55 CET 2016


Hello nix-dev,

I wanted to solicit some feedback and contributions on an important
pull request already in progress.

Back story:
-----------

Nixpkgs has been shipping an old version of Chromium for at least 20
days. Part of this is due to upstream changing their build tool from
GYP to GN. This change broke our tooling and configuration, and thusly
we haven't been able to update. Because of this we are in dire need of
releasing an update, and our chromium is subject to many CVEs.

Now:
----

Aszlig has submitted a nice PR [0] doing most of the work getting us
switched to GN, and now we are able to upgrade. The catch is that these
updates come with important feature breaks:

 - Enabling flash has no effect
 - Enabling widevine has no effect

This means sites that use these features will no longer work, including
some personal favorites like Netflix. This would be fine with me, but
this is being backported to stable, and enabling these flags doesn't
create an error but instead silently fails to work. I'm hesitant to push
out an update which will silently and critically break a user's browser
in the stable release.


Call to action:
---------------

1. Provide feedback. Should we release it anyway? Should we wait until
the features work? Should we add asserts to force breakage if you're
using those features?

2. Provide patches. Obviously if the flash, widevine, etc. features
start to work we can release this immediately.


Timeline:
---------

I'm planning on merging this PR as-is on Wednesday, unless it is merged
sooner, or an improvement is imminent.

Thank you!
Graham Christensen

[0] https://github.com/NixOS/nixpkgs/pull/20120
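One shape the "add asserts to force breakage" option from the call to action could take, as an added example that is not part of the original mail, the PR, or nixpkgs itself. It wraps whatever Chromium derivation the build produces and turns the two silently-ignored feature flags into an evaluation-time error, so a stable-channel user who has opted into Flash or Widevine gets a loud failure instead of a browser that quietly stops playing Netflix. The parameter names enablePepperFlash and enableWideVine, and the file name guard.nix, are assumptions for illustration:

```nix
# guard.nix (added example, not nixpkgs code). Wraps a Chromium derivation
# and refuses to evaluate when a feature the GN-based build cannot deliver
# has been requested. Argument names are assumed for illustration.
{ lib
, chromiumDrv                 # the real chromium derivation built from the GN PR
, enablePepperFlash ? false   # assumed flag name: Flash plugin requested
, enableWideVine ? false      # assumed flag name: Widevine CDM requested
}:

let
  # Features the new build silently ignores, paired with the flag that
  # requests each one. Extend this list if further features regress.
  nonFunctional = [
    { name = "flash";    requested = enablePepperFlash; }
    { name = "widevine"; requested = enableWideVine; }
  ];

  # Only the features the user actually asked for are a problem.
  requested = lib.filter (f: f.requested) nonFunctional;

  names = lib.concatMapStringsSep ", " (f: f.name) requested;
in

# Fail closed: a requested-but-broken feature aborts evaluation with a
# message naming the feature, rather than producing a browser that looks
# fine and then fails on the first DRM or Flash site.
if requested == [] then
  chromiumDrv
else
  throw ("chromium: the following requested features are not functional "
         + "in the GN-based build and would silently fail: " + names
         + ". Disable them, or wait for a release in which they work.")
```

Evaluating `import ./guard.nix { inherit lib; chromiumDrv = chromium; enableWideVine = true; }` aborts with the message naming "widevine"; with both flags left at their defaults the wrapper simply returns the unmodified derivation, so users who never enabled these features are unaffected by the guard.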

