{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": false, "require_testcases": true, "display_name": "", "notes": "This is probably not the update you want.\n\nLet me be clear, it does fix the security vulnerabilities in this list:\n\nCVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21117 CVE-2021-21128\n\nBut it will not behave like Google Chrome does.\n\nGoogle has announced that it is cutting off access to the Sync and \"other Google Exclusive\" APIs from all builds except Google Chrome. This will make the Fedora Chromium build significantly less functional (along with every other distro packaged Chromium). It is noteworthy that Google _gave_ the builders of distribution Chromium packages these access rights back in 2013 via API keys, specifically so that we could have open source builds of Chromium with (near) feature parity to Chrome. And now they're taking it away. The reasoning given for this change? Google does not want users to be able to \"access their personal Chrome Sync data (such as bookmarks) ... with a non-Google, Chromium-based browser.\" They're not closing a security hole, they're just requiring that everyone use Chrome.\n\nOr to put it bluntly, they do not want you to access their Google API functionality without using proprietary software (Google Chrome). There is no good reason for Google to do this, other than to force people to use Chrome.\n\nI gave a lot of thought to whether I wanted to continue to maintain the Chromium package in Fedora, given that many (most?) users will be confused/annoyed when API functionality like sync and geolocation stops working for no good reason. Ultimately, I decided to continue for now, because there were at least some users who didn't mind, and if I stopped, someone else would start over and run blindly into this problem.\n\nI would say that you might want to reconsider whether you want to use Chromium or not. If you want the full \"Google\" experience, you can run the proprietary Chrome. If you want to use a FOSS browser that isn't hobbled, there is a Firefox package in Fedora.\n\nOh, last, but not least, Google isn't shutting off the API access until March 15, 2021, but I have gone ahead and disabled it starting with this update. I'd rather you read about it here (even though most users will never see this) than have it just happen.", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-01-22 19:03:19", "date_modified": null, "date_approved": null, "date_testing": "2021-01-23 01:20:35", "date_stable": "2021-01-31 01:08:28", "alias": "FEDORA-2021-b7cc24375b", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2021-01-31 01:08:28", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-b7cc24375b", "title": "chromium-88.0.4324.96-1.fc32", "version_hash": "bce1ab424bc844c211408f56c6c3e2679353385f", "release": {"name": "F32", "long_name": "Fedora 32", "version": "32", "id_prefix": "FEDORA", "branch": "f32", "dist_tag": "f32", "stable_tag": "f32-updates", "testing_tag": "f32-updates-testing", "candidate_tag": "f32-updates-candidate", "pending_signing_tag": "f32-signing-pending", "pending_testing_tag": "f32-updates-testing-pending", "pending_stable_tag": "f32-updates-pending", "override_tag": "f32-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "spot", "email": "spotrh@gmail.com", "id": 224, "avatar": "https://seccdn.libravatar.org/avatar/6fe82351f854e333f2fb661c4fa2fcc3172d897a90ab823204327fa9e5c82de5?s=24&d=retro", "openid": "spot.id.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "packager"}, {"name": "arm-qa"}, {"name": "cvsfedora"}, {"name": "mirror-ia64"}, {"name": "gitfedora-logos"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "signed_fpca"}, {"name": "openhw2012"}, {"name": "paste-deleter"}, {"name": "3d-printing-sig"}, {"name": "cla_redhat"}, {"name": "fedora-contributor"}, {"name": "gitgeneric-release"}, {"name": "gitmoksha"}, {"name": "irc-support-operators"}, {"name": "ipausers"}, {"name": "r-maint-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by spot. ", "timestamp": "2021-01-22 19:03:19", "update_id": 274228, "user_id": 91, "id": 1832000, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-01-22 19:03:19", "update_id": 274228, "user_id": 91, "id": 1832001, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-01-22 19:03:19", "update_id": 274228, "user_id": 91, "id": 1832002, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-01-22 20:02:57", "update_id": 274228, "user_id": 91, "id": 1832045, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-01-23 01:21:05", "update_id": 274228, "user_id": 91, "id": 1832423, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "bug_feedback": [{"karma": 0, "comment_id": 1833870, "bug_id": 1918218, "bug": {"bug_id": 1918218, "title": "CVE-2021-21118 chromium-browser: Insufficient data validation in V8", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918219, "bug": {"bug_id": 1918219, "title": "CVE-2021-21119 chromium-browser: Use after free in Media", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918220, "bug": {"bug_id": 1918220, "title": "CVE-2021-21120 chromium-browser: Use after free in WebSQL", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918222, "bug": {"bug_id": 1918222, "title": "CVE-2021-21121 chromium-browser: Use after free in Omnibox", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918223, "bug": {"bug_id": 1918223, "title": "CVE-2021-21122 chromium-browser: Use after free in Blink", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918224, "bug": {"bug_id": 1918224, "title": "CVE-2021-21123 chromium-browser: Insufficient data validation in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918225, "bug": {"bug_id": 1918225, "title": "CVE-2021-21124 chromium-browser: Potential user after free in Speech Recognizer", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918226, "bug": {"bug_id": 1918226, "title": "CVE-2021-21125 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918227, "bug": {"bug_id": 1918227, "title": "CVE-2021-21126 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918228, "bug": {"bug_id": 1918228, "title": "CVE-2021-21127 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918229, "bug": {"bug_id": 1918229, "title": "CVE-2021-21129 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918230, "bug": {"bug_id": 1918230, "title": "CVE-2021-21130 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918231, "bug": {"bug_id": 1918231, "title": "CVE-2021-21131 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918232, "bug": {"bug_id": 1918232, "title": "CVE-2021-21132 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918233, "bug": {"bug_id": 1918233, "title": "CVE-2021-21133 chromium-browser: Insufficient policy enforcement in Downloads", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918235, "bug": {"bug_id": 1918235, "title": "CVE-2021-21134 chromium-browser: Incorrect security UI in Page Info", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918236, "bug": {"bug_id": 1918236, "title": "CVE-2021-21135 chromium-browser: Inappropriate implementation in Performance API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918237, "bug": {"bug_id": 1918237, "title": "CVE-2021-21136 chromium-browser: Insufficient policy enforcement in WebView", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918238, "bug": {"bug_id": 1918238, "title": "CVE-2021-21137 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918239, "bug": {"bug_id": 1918239, "title": "CVE-2021-21138 chromium-browser: Use after free in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918240, "bug": {"bug_id": 1918240, "title": "CVE-2021-21139 chromium-browser: Inappropriate implementation in iframe sandbox", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918241, "bug": {"bug_id": 1918241, "title": "CVE-2021-21140 chromium-browser: Uninitialized Use in USB", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918242, "bug": {"bug_id": 1918242, "title": "CVE-2021-21141 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918277, "bug": {"bug_id": 1918277, "title": "CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 ... chromium: various flaws [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "bug_feedback": [{"karma": 0, "comment_id": 1839392, "bug_id": 1918218, "bug": {"bug_id": 1918218, "title": "CVE-2021-21118 chromium-browser: Insufficient data validation in V8", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918219, "bug": {"bug_id": 1918219, "title": "CVE-2021-21119 chromium-browser: Use after free in Media", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918220, "bug": {"bug_id": 1918220, "title": "CVE-2021-21120 chromium-browser: Use after free in WebSQL", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918222, "bug": {"bug_id": 1918222, "title": "CVE-2021-21121 chromium-browser: Use after free in Omnibox", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918223, "bug": {"bug_id": 1918223, "title": "CVE-2021-21122 chromium-browser: Use after free in Blink", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918224, "bug": {"bug_id": 1918224, "title": "CVE-2021-21123 chromium-browser: Insufficient data validation in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918225, "bug": {"bug_id": 1918225, "title": "CVE-2021-21124 chromium-browser: Potential user after free in Speech Recognizer", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918226, "bug": {"bug_id": 1918226, "title": "CVE-2021-21125 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918227, "bug": {"bug_id": 1918227, "title": "CVE-2021-21126 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918228, "bug": {"bug_id": 1918228, "title": "CVE-2021-21127 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918229, "bug": {"bug_id": 1918229, "title": "CVE-2021-21129 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918230, "bug": {"bug_id": 1918230, "title": "CVE-2021-21130 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918231, "bug": {"bug_id": 1918231, "title": "CVE-2021-21131 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918232, "bug": {"bug_id": 1918232, "title": "CVE-2021-21132 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918233, "bug": {"bug_id": 1918233, "title": "CVE-2021-21133 chromium-browser: Insufficient policy enforcement in Downloads", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918235, "bug": {"bug_id": 1918235, "title": "CVE-2021-21134 chromium-browser: Incorrect security UI in Page Info", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918236, "bug": {"bug_id": 1918236, "title": "CVE-2021-21135 chromium-browser: Inappropriate implementation in Performance API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918237, "bug": {"bug_id": 1918237, "title": "CVE-2021-21136 chromium-browser: Insufficient policy enforcement in WebView", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918238, "bug": {"bug_id": 1918238, "title": "CVE-2021-21137 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918239, "bug": {"bug_id": 1918239, "title": "CVE-2021-21138 chromium-browser: Use after free in DevTools", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918240, "bug": {"bug_id": 1918240, "title": "CVE-2021-21139 chromium-browser: Inappropriate implementation in iframe sandbox", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918241, "bug": {"bug_id": 1918241, "title": "CVE-2021-21140 chromium-browser: Uninitialized Use in USB", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918242, "bug": {"bug_id": 1918242, "title": "CVE-2021-21141 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918277, "bug": {"bug_id": 1918277, "title": "CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 ... chromium: various flaws [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2021-01-30 01:22:56", "update_id": 274228, "user_id": 91, "id": 1844750, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-01-30 01:22:58", "update_id": 274228, "user_id": 91, "id": 1844751, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-01-31 01:09:00", "update_id": 274228, "user_id": 91, "id": 1845822, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "chromium-88.0.4324.96-1.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1918218, "title": "CVE-2021-21118 chromium-browser: Insufficient data validation in V8", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918218, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918218, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918219, "title": "CVE-2021-21119 chromium-browser: Use after free in Media", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918219, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918219, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918220, "title": "CVE-2021-21120 chromium-browser: Use after free in WebSQL", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918220, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918220, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918222, "title": "CVE-2021-21121 chromium-browser: Use after free in Omnibox", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918222, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918222, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918223, "title": "CVE-2021-21122 chromium-browser: Use after free in Blink", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918223, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918223, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918224, "title": "CVE-2021-21123 chromium-browser: Insufficient data validation in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918224, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918224, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918225, "title": "CVE-2021-21124 chromium-browser: Potential user after free in Speech Recognizer", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918225, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918225, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918226, "title": "CVE-2021-21125 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918226, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918226, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918227, "title": "CVE-2021-21126 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918227, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918227, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918228, "title": "CVE-2021-21127 chromium-browser: Insufficient policy enforcement in extensions", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918228, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918228, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918229, "title": "CVE-2021-21129 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918229, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918229, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918230, "title": "CVE-2021-21130 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918230, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918230, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918231, "title": "CVE-2021-21131 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918231, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918231, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918232, "title": "CVE-2021-21132 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918232, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918232, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918233, "title": "CVE-2021-21133 chromium-browser: Insufficient policy enforcement in Downloads", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918233, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918233, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918235, "title": "CVE-2021-21134 chromium-browser: Incorrect security UI in Page Info", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918235, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918235, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918236, "title": "CVE-2021-21135 chromium-browser: Inappropriate implementation in Performance API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918236, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918236, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918237, "title": "CVE-2021-21136 chromium-browser: Insufficient policy enforcement in WebView", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918237, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918237, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918238, "title": "CVE-2021-21137 chromium-browser: Inappropriate implementation in DevTools", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918238, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918238, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918239, "title": "CVE-2021-21138 chromium-browser: Use after free in DevTools", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918239, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918239, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918240, "title": "CVE-2021-21139 chromium-browser: Inappropriate implementation in iframe sandbox", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918240, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918240, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918241, "title": "CVE-2021-21140 chromium-browser: Uninitialized Use in USB", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918241, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918241, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918242, "title": "CVE-2021-21141 chromium-browser: Insufficient policy enforcement in File System API", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918242, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918242, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1918277, "title": "CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 ... chromium: various flaws [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 1833300, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2021-01-23 17:07:27", "update_id": 274227, "user_id": 273, "id": 1833300, "testcase_feedback": [], "user": {"name": "wolnei", "email": "e@wolnei.com.br", "id": 273, "avatar": "https://seccdn.libravatar.org/avatar/80619c350617edf030f2667bd8ffe77ff68f515022f339677c4571a0b2ec8296?s=24&d=retro", "openid": "wolnei.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "triagers"}, {"name": "advocates"}]}}}, {"karma": 0, "comment_id": 1832161, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "I'm not sure that 'disabling' sync that early before EOL is the best option.\nMessage and link popping up under toolbar does not explain what's going on and what the user can do about it: https://www.chromium.org/developers/how-tos/api-keys\n\nIt would be great to replace it with a link to some quick-doc explaining what and why will happen in March and what to do about it (that Firefox can import most data and sync it between multiple devices and platforms). Maybe in the meantime some alternative will arise, e.g. Firefox Sync adapted in Chromium or other synchronization engine, after all many distros will have this problem and probably some devs rely on that feature.\n\nI'm using Chromium just to test website compatibility, but I installed or recommended it for many non-technical users as a Chrome replacement. I'm pretty sure most users don't check bodhi and won't know what hit them.", "timestamp": "2021-01-22 21:24:10", "update_id": 274227, "user_id": 3674, "id": 1832161, "testcase_feedback": [], "user": {"name": "ozeszty", "email": "ozeszty@gmail.com", "id": 3674, "avatar": "https://seccdn.libravatar.org/avatar/9aeace02fa2d54f1f5febd3460182261a6a518035ea75cc9d788240d6e669cbe?s=24&d=retro", "openid": "ozeszty.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1833870, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "I'll always prefer chromium over chrome. Thank you for your work.", "timestamp": "2021-01-24 07:17:56", "update_id": 274228, "user_id": 4054, "id": 1833870, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1832013, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-22 19:12:00", "update_id": 274227, "user_id": 2935, "id": 1832013, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 1833107, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "Firefox FTW!", "timestamp": "2021-01-23 13:37:43", "update_id": 274227, "user_id": 4120, "id": 1833107, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}]}}}, {"karma": 0, "comment_id": 1833372, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "**Thank you for maintaining the rpm !**", "timestamp": "2021-01-23 19:00:03", "update_id": 274227, "user_id": 6171, "id": 1833372, "testcase_feedback": [], "user": {"name": "x3dsf", "email": "talktofergus@gmail.com", "id": 6171, "avatar": "https://seccdn.libravatar.org/avatar/d05ae1bb65ea90306d28213b40ba72ff40de91b48767b282b0ae4f6a9fdee9f5?s=24&d=retro", "openid": "x3dsf.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1833207, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-01-23 15:35:29", "update_id": 274227, "user_id": 5791, "id": 1833207, "testcase_feedback": [], "user": {"name": "pampelmuse", "email": "pampelmuse@gmx.at", "id": 5791, "avatar": "https://seccdn.libravatar.org/avatar/bb6c6342bfedc934915501150e118faf015cde0f79677ee978989c5234cd8b1b?s=24&d=retro", "openid": "pampelmuse.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1833904, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank you for maintaining this package and for 'ripping the patch' up front, without adding a long pain to it. \nAlso, for whoever is here asking themselves if there is a fully functional browser with sync-ing capabilities, the answer is yes: Firefox. ;-)\n", "timestamp": "2021-01-24 08:40:50", "update_id": 274227, "user_id": 4635, "id": 1833904, "testcase_feedback": [], "user": {"name": "ckristi", "email": "ckristi@gmail.com", "id": 4635, "avatar": "https://seccdn.libravatar.org/avatar/7470b7723a1569ad482dd778bfca90f0f22571f574746af4f90a84b55d52d90f?s=24&d=retro", "openid": "ckristi.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1835458, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "Please consider keeping the package updated going forward.\n\nWhile sync is certainly a useful feature, it's entirely possible to use Chromium without ever enabling it; some people might even consider the removal of this Google-specific functionality an improvement.\n\nFirefox is a very valid alternative, and what I personally use, but the fact that the two browsers use different engines makes it quite valuable to have both in the distribution.", "timestamp": "2021-01-24 23:16:22", "update_id": 274227, "user_id": 5346, "id": 1835458, "testcase_feedback": [], "user": {"name": "abologna", "email": "eof@kiyuko.org", "id": 5346, "avatar": "https://seccdn.libravatar.org/avatar/b3a32a0d2dcf11525bcda6c548a2e371fefce6e356c3761abeb43c51e38d320e?s=24&d=retro", "openid": "abologna.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "wikiedit"}, {"name": "kubevirt"}]}}}, {"karma": 0, "comment_id": 1836831, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is removal actually correct? The email thread says that APIs like safe browsing are still available, but they won't be any longer if the API keys get removed.", "timestamp": "2021-01-25 18:38:52", "update_id": 274227, "user_id": 4713, "id": 1836831, "testcase_feedback": [], "user": {"name": "refi64", "email": "rymg19@gmail.com", "id": 4713, "avatar": "https://seccdn.libravatar.org/avatar/46c688fd5c97a57db2e5d09d34cc92fb478308e4abf18ecd6bc2cc6de397b57d?s=24&d=retro", "openid": "refi64.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 1839212, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "I would say replace the package with Ungoogled Chromium. This is effectively the same to end-users once the APIs are blocked, with one major gain which is complete google APIs block and removal at user-end to prevent any tracking act by google. ", "timestamp": "2021-01-27 05:44:28", "update_id": 274227, "user_id": 6181, "id": 1839212, "testcase_feedback": [], "user": {"name": "mahmoudajawad", "email": "m.abduljawad@hey.com", "id": 6181, "avatar": "https://seccdn.libravatar.org/avatar/8ca985ad1641c9cf4f27302a22af8e585a6394f11d7c68dfbd10a579280a022f?s=24&d=retro", "openid": "mahmoudajawad.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1839392, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!\n\nHonestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use  the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?", "timestamp": "2021-01-27 09:10:47", "update_id": 274228, "user_id": 3506, "id": 1839392, "testcase_feedback": [], "user": {"name": "martinpitt", "email": "mpitt@redhat.com", "id": 3506, "avatar": "https://seccdn.libravatar.org/avatar/a6a00790fadaca10623f4464437e482d4ec110fe331397506ea9fe2664bec740?s=24&d=retro", "openid": "martinpitt.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cockpitteam"}, {"name": "ocp-cico-cockpit"}]}}}, {"karma": 0, "comment_id": 1843772, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "Personally I don't care one bit for Sync of Geolocation services. Those are one of the first things I try disable when using a browser. The warning at the startup however made me think it was a far more serious change that could hurt browsing security. I would keep the package, if I wanted the full Google experience I'd stick with Google Chrome.", "timestamp": "2021-01-29 13:18:23", "update_id": 274227, "user_id": 6192, "id": 1843772, "testcase_feedback": [], "user": {"name": "vedora", "email": "weetjenu@protonmail.com", "id": 6192, "avatar": "https://seccdn.libravatar.org/avatar/661ef5fab323bf214decbd6867540656fcc4181e6de41aa37a3a05ecd429a9a6?s=24&d=retro", "openid": "vedora.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1883793, "bug_id": 1918277, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for continuing to maintain the package! Your builds so far have been top notch and this persuaded me to switch to Chromium partly (earlier a full fledged Firefox user, from way back when I was using Windows). It is indeed a real shame that Google has <sha> let us all down so much! Considering how much they use Linux: Linux apps are the closest to an actual ecosystem on ChromiumOS, they regularly let their open source projects AOSP and Chromium (OS)) wither away..\n\nAs I have also posted on arnoldthebat's update (https://arnoldthebat.co.uk/wordpress/2021/02/10/important-update/comment-page-1/?unapproved=114658&moderation-hash=1f39af0354eeb66a2907c367d1c07e47#comment-114658), and as echoed in this (https://www.techrepublic.com/article/google-stripping-chromium-of-certain-api-access-is-an-opportunity-for-the-browser-to-shine/), is it potentially possible for us to use our own form of syncing for Chromium browsers alone? There are a lot of open source devs who maintain the browser, and in arnold's case, the OS, and easily 3x as many users who need it to get away from the bad tech giant. Maybe such an API should help us get away for good.. (I personally can help test this on a phone and my laptop, on atleast 3 distributions and Android, and if I could, would love to help with the code as well (I went into the medical field #( ), and I do think all of us can band together for a while to get Chromium back to where it was)", "timestamp": "2021-02-12 08:38:37", "update_id": 274227, "user_id": 6222, "id": 1883793, "testcase_feedback": [], "user": {"name": "djremo", "email": "sidharth.sundaresan@gmail.com", "id": 6222, "avatar": "https://seccdn.libravatar.org/avatar/a0124676ecb3849c13610fbb482fcf48d33d7098e712ca7b49b56e01760cc7f9?s=24&d=retro", "openid": "djremo.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1912121, "bug_id": 1918277, "comment": {"karma": 1, "karma_critpath": 0, "text": "WoW! I started to use Chromium a while back, and it was glorious. Thank you for making Chromium for the masses; everyone owes you a great debt of gratitude. What you did was awesome, and it is sad. I am not much of a coder, but I am a philosopher, and I offer a eulogy (yeah, it's a program, I know; I have not lost it, work with me here).\n\nToday, I eulogize something beautiful under the most tragic of circumstances. It is like the death of a child, something created and has part of that creator in it. We are left with the questions of what if and why. It was not due to a faceless disease or defect inherited from the parents; it was murder. We know who did it. The killer is someone that we once gladly welcomed into our home. We trusted them with our personal communications, our many questions, and the records of our lives, all with the singular promise not to be evil. That was the first lie, but not the last. \n\nThe friend that we once trusted turned on us, and in secret, they practiced the dark arts and were possessed with the spirit of Google (for they are too many). Today, they have killed their brother Chromium, and his code still cries out from the ground, but are we listening? Power corrupts, and absolute power corrupts absolutely, and now they have become death: the destroyer of worlds. \n\nPrince Chromium is dead, and now we are left with his useless brother sitting on the throne and breaking nuts with the royal seal. The King is dead; long live the king; now, what about us?", "timestamp": "2021-03-02 08:02:43", "update_id": 274227, "user_id": 6267, "id": 1912121, "testcase_feedback": [], "user": {"name": "whstoermer", "email": "whs_1984@hotmail.com", "id": 6267, "avatar": "https://seccdn.libravatar.org/avatar/ef94db85e17e29d82cb493106dd7fc9700940263b168aa427444855ac703c066?s=24&d=retro", "openid": "whstoermer.id.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2021-b7cc24375b", "karma": 1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}