While I like the idea of the project, it frequently is behind on updates (recent discussion, been over a month since it got an update while Brave updated yesterday, which is a violation of the PG browser requirements), the site/repo is allegedly frequently down (recent discussion), and there’s no technical explanation of why it could be used instead of Brave.
I understand that the developer is “VERY busy with work” (I can’t imagine maintaining a web browser), but when we have Vanadium, Brave, and IronFox (listed as waiting as a rec), I don’t see a reason for Cromite to continue to be recommended alongside projects that offer the same or more features and are able to hang with upstream updates better.
If Cromite is going to be continued to be recommended, I think there at least needs to be a flag about historical update lags and perhaps a reason why you’d want to use it over Brave (or Brave Origin).
@team Something has to happen now. You can’t keep recommending a browser with over a month’s worth of security fixes missing. I would assume a large part of the people who follow your recommendations are not aware of this, put trust into the recommendations that PG makes, and assume that only browsers that are actually keeping up with updates are listed.
Sadly, this is par for the course. Ever since PG messed up the Skiff recommendation, they have been unapologetically slow about tool suggestions / site development.
This episode may be justification for a new requirement… something like:
“Releases updates incorporating upstream security patches within X of their availability to developers”
As to what X should be, I’m not too sure. We can agree that 30 days is a dangerous lag. But 30 minutes, probably an unreasonable expectation. So where’s the line? When is security under threat?