Hi Nicolas,

Nicolas Goaziou <m...@nicolasgoaziou.fr> writes:

> Maxim Cournoyer <maxim.courno...@gmail.com> writes:
>
>> Nicolas Goaziou <m...@nicolasgoaziou.fr> writes:
>>
>> I agree that it has value; wouldn't it only be for testing website
>> problems (it's still a thing in 2025 to find a website feature that only
>> works with Chromium, in a nudge to the good old Internet Explorer
>> days).
>
> My hypothetical use-case is simply to display PDF on a Chromecast. It
> only needs to connect to a LAN.
>
>> But I'm not sure that this value is worth the exposure of unsuspecting
>> users to tens of CVEs:
>
> [...]
>
>> I'd think that most users expect that security matters for web browsers
>> and that they are kept up to date/secure.
>
> Wouldn’t a big fat warning in the description of the package help?

I'm not convinced that'd be enough; existing users would probably not
see it for example.  I think going through the deprecation route would
be a more visible option.

Our (info "(guix) Deprecation Policy") suggests a one month period after
the removal PATCH is submitted, plus a news entry in etc/news.scm broadcasting
the removal in this case, because ungoogled-chromium is probably
considered a 'popular' package.

This would give someone one month to update it, or move it to another
channel (perhaps guix-past could keep legacy browser versions around,
for testing for example).

-- 
Thanks,
Maxim
