Update: On Jan. 1, 2021, an updated Chromium package moved into the Debian Stable repository. Hopefully it will also become part of the Testing repo and appear in the next Debian release. The original post follows:
I guess I knew that the Chromium web browser — the code from the open-source project that is still coded by Google people but isn’t fully Googled — was very out of date in the Debian Stable repository.
But I didn’t know how bad it was until I started digging. Digging is easy in Debian.
While the rest of the web-browsing world was on version 87, Debian users are stuck with version 83. And that version 83 hasn’t been patched or otherwise updated since July 12. That’s more than six months at this point.
Whenever something’s not right with a Debian package, the place to turn is the bug reports.
There have been problems. Chromium is notoriously hard to package. There are unresolved issues with dependencies. Plus packaging of Chromium for Debian appears to be the responsibility of a one-man army. I’m not even sure if this guy Michael is the maintainer of the package. It doesn’t look like he is. Others are trying to help, but Debian Stable is old, and Chromium needs some other, newer packages in order to run.
It has gotten so bad that Chromium was removed from the Testing repository that is slated to become the next Debian release sometime next year. That could be bad news if the situation isn’t resolved before the “freeze” of Testing in anticipation of Debian 11/Bullseye.
Debian has always done a great job with Firefox. It ships with Debian desktop ISOs, and it is a priority for Debian Developers. Chromium, with its Googly origins, is not.
But many of us need Chromium/Chrome. It’s the IE of the 2020s, and sometimes Firefox doesn’t quite cut it. Like it or not, Google services run better on Chrome. And I use a lot of Google services in my day job. For my non-work browsing, I use Firefox, but when I’m snatching chocolates off the belt and putting them in boxes, it’s all Chromium.
I have Flatpak enabled on my Debian Stable/Buster system, and I thought that might solve my problem. There is a Chromium Flatpak. There is also Ungoogled Chromium, which I just learned exists.
Neither of these Flatpaks would install. The error message said my version of the flatpak package is too old. Debian’s Buster Backports repository has a newer version of flatpak, and I’m already set up for Backports, so I got the new flatpak package.
Chromium and Ungoogled Chromium still wouldn’t install from Flathub.
There were error messages, but I really don’t care about them, so I didn’t write down what they said.
I just need to get this system working with a Chromium web browser that HAS ACTUALLY RECEIVED A SECURITY PATCH IN THE PAST SIX MONTHS.
This is a huge problem.
In many ways, the idea of a never-changing Stable operating system and a constantly changing web browser doesn’t make sense. That’s why Debian ships Firefox ESR (Extended Support Release) instead of “regular” Firefox.
So what did I do about Chromium?
I used the nuclear option. Or in this case the tactical nuclear option. The nuclear option is wiping Debian Stable and installing a Linux distribution that includes an up-to-date Chromium and is committed to keeping it that way.
The tactical nuclear option — for me anyway — is downloading the .deb of Chrome from Google and using dpkg to install it, knowing that the package adds the Google Chrome repository to my sources.list, and now Google is in charge of updating the browser for me.
I’m already logging into Google to sync my bookmarks and other settings, in addition to being logged into Google Apps, so insisting I have Chromium instead of Chrome is nowhere near a hill I need to die on.
I just need a working, secure Chrome/Chromium browser. And now I have one.
I considered moving to Fedora — or even the dreaded CentOS Stream (another topic for another day) — so I could get the up-to-date Chromium that the Fedora Project packages for its own distro as well as the RHEL/CentOS EPEL repo.
(There was a time in the mid-level distant past when Chromium was a problem for Fedora as well. But the distro seems to have it under control now.)
I could also move to Ubuntu, where that distro’s decision to only offer Chromium as a Snap package has been controversial. The decision on Ubuntu’s part was a labor issue. It’s so hard to package Chromium that they can do it once for the Snap and use that on all their Snap-enabled releases.
I could even try Snap in Debian Stable, but how much do I have to do to get a secure version of what for many people is their most important, most used app?
Sometimes things are broken in Debian. Literally it could be a package that doesn’t work. Sometimes it’s philosophical: Is it The Debian Way? That often combines with developer attention or interest — and the lack thereof — to leave a gaping hole in the distro.
For instance, it’s hard to get a working IDE in Debian. That’s why I turned to Flatpak in the first place. It’s the easiest (to me) way to get NetBeans, IntelliJ and Eclipse. Yep, even Eclipse fell out of the Debian repo.
Another think I’ve learned over the past year or so is that while alternative packaging systems like Flathub, Snap and AppImage have their place in the Linux ecosystem, it’s hard to beat traditional Linux packaging (.deb and .rpm).
I have spent a few long periods of time running Debian Stable, just as I have Fedora. Those are the two distros I’ve run the most. They couldn’t be on more opposite ends of the spectrum. Debian stays the same throughout the release, and Fedora changes all the time. You always run into problems in both cases. Not too many problems. I always say there’s about one mid-level problem per year in both distros.
For my time running Debian 10, Chromium is my problem. At least I’ve been able to solve it. You may not agree with using Google’s Chrome repo, but it gets the job done. If I didn’t use any Google services, that would be one thing, but since I use many, this makes the most sense for me right now.
When I finally get around to buying a bigger NVMe SSD drive and reinstalling my operating system, this situation will factor into my choice of Linux distribution. No question about that.
Update: As of Sunday, Dec. 20, 2020, a new Chromium (version 87) is now in Debian Sid/Unstable.
Comment on this post at Hacker News or Reddit.