Chromium from portable-apps isn't Chromium. #6747
Comments
Thanks! That's against policy, and we will address it immediately. The prevalence of SourceForge URLs makes it harder to notice a non-canonical build. We are working on addressing the general issue a few different ways, including adding support for GPG signatures (#5971).
This is an unfortunate mistake. To further specify what @rolandwalker said, our policy is to only merge official, “recognizable” releases in our main repository. (Forks can be considered “recognizable” as standalone, alternative versions with a known, trusted origin.) However, the consensus on this subject is relatively recent, and non-conformant casks may survive until someone reports them, as you did now.
cool cool. I had a feeling this was the case.
Even if there's no chromium stable, there are versions which are more stable than "right off the trunk". I can understand and agree with @paulirish's issues with portable chromium, but it would be great if there was some sort of "stable" offer. Do you have any suggestion for this, @paulirish?
@jxs Homebrew taps are easy to create and work for Homebrew-Cask in the same way they do for Homebrew. Since this is only an issue of what versions are available and from where, a tap to hold that cask should be sufficient. We also have caskroom/homebrew-unofficial. From the README:
An official app bundle does exist for Chromium, though. Furthermore, that’s a relatively unused repo, and you would likely get more traction with one dedicated just to that cask.
@vitorgalvao ok thanks! will look into it
Looking at the chromium cask source, why is the chromium package pulling from the portable apps repo? This isn't chromium and can't be verified as a legit binary. Is there a reason why we're not using official sources?
It'd be much better to use the continuous Chromium builds served from the project directly:
http://www.chromium.org/getting-involved/download-chromium
Also, addressing #2975: there is no such thing as a stable build of Chromium. It looks like the maintainer at http://www.freesmug.org/chromium is tracking down Chrome release branches and rebuilding, then tossing it through this script http://www.freesmug.org/portableapps:chromium to make http://www.freesmug.org/chromium . The SHAs on freesmug match what's on sourceforge. I've asked the maintainer to clarify how his builds work. Without that build process being open source I feel a little uncomfortable having all cask users pulling these packages.
I would be fine with portable-chromium being the cask name here. And it can track the "stable" branches as is being done now.
chromium however should be pulling from tip of tree, like it was done here.
cc @beaufortfrancois @lowski @nanoxd