[Pkg-chromium-maint] Bug#893159: src:chromium-browser: Please ship an Architecture: all hstspreload package

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 16 23:13:37 UTC 2018


Package: src:chromium-browser
Version: 65.0.3325.146-4
Severity: wishlist

The chromium source package contains an up-to-date version of the
chromium "HSTS preload list".  for example:

https://sources.debian.org/src/chromium-browser/65.0.3325.146-4/net/http/transport_security_state_static.json/

Other software besides chromium can make use of this file to provide
users with an up-to-date way to avoid cleartext http connections.

It'd be great to ship a copy of this file in a separate debian
package, for other packages to depend on.

my thought is that it could ship the latest version of
transport_security_state_static.json in a package named "hstspreload"
somewhere in /usr/share/hstspreload/.

Even better would be to use net/tools/dafsa/make_dafsa.py to produce a
compact, rapid-access .dafsa binary file that could be loaded and
searched rapidly by other software.  I believe the dafsa file would be
significantly smaller than the .json, so perhaps it should be in its
own package, hsts-preload-dafsa.

the .dafsa data would be useful for
https://gitlab.com/rockdaboot/libhsts, which i'm hoping to package and
put into debian.  (it has a copy of hsts-make-dafsa, which should be
pretty close to chromium's make-dafsa.)

This package would be equivalent to publicsuffix, dns-root-data,
ca-certificates, and tzdata -- information about the state of the world
or the global network that really should be updated regularly in the
same way that we expect packages to be updated.

If the chromium maintainers aren't interested in shipping this from
the chromium package, i can always make a new hstspreload source
package, but i'd prefer to avoid the embedded code copies if we can.
let me know what you think!

Regards,

        --dkg

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
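
How a consumer other than chromium might use the shipped .json to avoid cleartext http, as an added example that is not part of the original report and is not code from chromium or libhsts. It assumes the file layout of whole-line `//` comments around a JSON object whose `entries` carry `name`, `mode` and `include_subdomains`; the sample data and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the assumed layout of
# transport_security_state_static.json: "//" comment lines plus an
# "entries" array. These are not real preload-list entries.
SAMPLE = """\
// Constructed sample, not real preload data.
{
  "entries": [
    { "name": "example.com", "mode": "force-https", "include_subdomains": true },
    { "name": "www.example.org", "mode": "force-https" },
    { "name": "pins-only.example.net", "include_subdomains": true, "pins": "test" }
  ]
}
"""

def load_preload(text):
    """Return {hostname: include_subdomains} for force-https entries only."""
    # Plain json.loads() rejects the comment lines, so drop them first.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("//"))
    table = {}
    for entry in json.loads(body)["entries"]:
        if entry.get("mode") == "force-https":  # skip pin-only entries
            table[entry["name"].lower()] = bool(entry.get("include_subdomains"))
    return table

def must_use_https(host, table):
    """True if host itself, or a parent with include_subdomains, is listed."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        # i == 0 is an exact match; parents only count with include_subdomains.
        if candidate in table and (i == 0 or table[candidate]):
            return True
    return False

def upgrade(url, table):
    """Rewrite http:// to https:// for preloaded hosts (RFC 6797 sec. 8.3)."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not must_use_https(parts.hostname or "", table):
        return url
    netloc = parts.netloc
    if parts.port == 80:  # explicit :80 becomes the https default port
        netloc = netloc.rsplit(":", 1)[0]
    return urlunsplit(parts._replace(scheme="https", netloc=netloc))
```

A client would call `load_preload()` once on the packaged file and run every outgoing URL through `upgrade()` before connecting.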


