Skipping ahead of upstream stable bumps

Question

Skipping ahead of upstream stable bumps

Closed this issue 10 months ago · 4 comments

networkException commented 10 months ago

Hey, is it really necessary to pull in unreleased patches into the aur? As in Ahrotans update branch before a release has been tagged in ungoogled-chromium?

networkException commented 10 months ago

Lgtm

👍1

Answer 1 · 2024-03-14T13:01:58.000Z

It is a recurring problem with chromium derivatives that they lag behind chromium stable releases for too long. Imo, ungoogled-chromium does that okay to pretty well compared to others. In the pull requests for the new version it seems that it needs approval from 2 other maintainers before a ungoogled-chromium release is made. Practically this means that it takes at least day and often even more for the patches to be released to public. This is obviously not desirable in terms of security. Especially for a project like mine, which would lag even further behind chromium releases if I would also wait until the official ungoogled-chromium release.

Here is my updating workflow as that is somewhat relevant to this discussion:

I regularly check the rss feed for Ahrotans update branch, the arch chromium package master branch, the ungoogled-chromium master branch and the chrome releases (maybe I forgot another feed) in my rss feed reader.
I update my PKGBUILD accordingly to the best available (pre-)release.
I push it to this github repo.
My build server will attempt to build it and it will be automatically pushed to the aur ONLY IF the build succeeds (both the ungoogled-chromium-xdg and ungoogled-chromium-xdg-bin packages at the same time).
After the build finished / fails I will get an email telling me if the build succeded or not with a tail of the log so I can further act if needed.

But I can understand why you would wait for the approval of the other maintainers, as to ensure a certain quality and reliability standard. So by me publishing these sort of 'pre-releases' of my patched ungoogled-chromium build to the aur you may worry about novice users running into a bug with my package and thinking that ungoogled-chromium itself is unstable? If that is the case maybe I could add some warning or note to the pkgdesc in the PKGBUILD?

Answer 2 · 2024-03-14T14:35:12.000Z

Fair enough. While I agree that browsers especially need timely updates, I think packaging is generally not bad advised when following the expectations the chromium release blog is setting:

The Stable channel has been updated to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 to Linux which will roll out over the coming days/weeks.

So by me publishing these sort of 'pre-releases' of my patched ungoogled-chromium build to the aur you may worry about novice users running into a bug with my package and thinking that ungoogled-chromium itself is unstable? If that is the case maybe I could add some warning or note to the pkgdesc in the PKGBUILD?

Yes that's one of my concerns. I think a warning would be adequate.

Answer 3 · 2024-03-14T19:53:45.000Z

Does it suffice for you to change the pkgdesc as described in the two linked pull requests above for ungoogled-chromium-xdg and ungoogled-chromium-xdg-bin? Or do you have a different proposal?