Serious Discussion fedora 40

Firefox isn't a secure browser, but it's okay on Windows, but on Linux it doesn't have as good sandboxing and mitigations: Firefox and Chromium | Madaidan's Insecurities
Personally I'm using Brave (has CNAME blocking in their ad blocker), but if you don't need CNAME blocking then the most secure browser is the hardened Chromium that secureblue uses, but it might require Hardened malloc as well (it's far more secure than Brave).
Perhaps, just noting that the Madaidan article is +2.5 years old (unless the article gets updated without notation).
I am new to Silverblue atomic and just know the little I read, i.e., Flatpaks are sandboxed with bubblewrap. I will look today to see if there's a Brave Flatpak.
 
@Vitali Ortzi, do you find that secureblue keeps up with patches? Browsers get new vulnerabilities with every new version, and up-to-date patches are of major importance. Just don't want to dive into a distro that doesn't have the manpower to do that.

I think the browser vendors should stop making new versions every couple of weeks and release good, secure and debugged versions maybe every few months, complete with static and dynamic code checking and fuzzing.
 
You have to thank Google for that:
For more than a decade, Chrome has shipped a new milestone every 6 weeks, delivering security, stability, speed and simplicity to our users and the web. As we have improved our testing and release processes for Chrome, and deployed bi-weekly security updates to improve our patch gap, it became clear that we could shorten our release cycle and deliver new features more quickly.
More generally, we continue to work on the “patch gap”, where security bug fixes are posted in our open-source code repository but then take some time before they are released as a Chrome stable update. We now make regular refresh releases every two weeks, containing the latest severe security fixes. This has brought down the median “patch gap” from 33 days in Chrome 76 to 15 days in Chrome 78, and we continue to work on improving it.
 
Every time I check the repo there are usually daily commits to the browser used: GitHub - secureblue/hardened-chromium: A hardened chromium for desktop Linux inspired by Vanadium.
But yes, it's just 5 contributors working on it, but so far they have done incredible work keeping up to date with the Vanadium Chromium base.
Although most commits are done by a single dev.
 
FWIW, I went over to GitHub and now I have a (little bit) better understanding of secureblue/hardened-chromium, but no attempt yet to implement here -- I'm still renewing my entire Linux experience...