the chromium code is written with the assumption that we can slightly decrease security or increase memory consumption in non-shipping builds for developer convenience.

as an example of security issues, here's a place where we open up the sandbox to ease debugging in non-official: https://code.google.com/p/chromium/codesearch#chromium/src/content/app/content_main_runner.cc&l=207

as an example of increased binary size: https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/wtf/PartitionAlloc.h&l=446

slan@: Uh oh! This issue is still open and hasn't been updated in the last 21 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are to unable to reproduce it, please close the bug. (And thanks for fixing the bug!).

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz

slan: Uh oh! This issue still open and hasn't been updated in the last 37 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

slan: Uh oh! This issue still open and hasn't been updated in the last 52 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This doesn't seem like a it should be a Type=Bug-Security, since there is no concrete vulnerability here. Flipping labels.

@ochang: see comment 1, there are extra holes we open up.

Currently, static key pinning is enabled when OFFICIAL_BUILD is set.
https://cs.chromium.org/chromium/src/net/http/transport_security_state.cc?q=transportsecuritystate&sq=package:chromium&dr=CSs&l=724

We cannot enable OFFICIAL_BUILD until static key pinning no longer relies on this flag. rsleevi@ is looking at fixing this.

To clarify: rsleevi@ is not working on this. I highlighted the risk of setting it.

jasonkliu is talking to the cast team about other issues.

The static key pinning part was fixed a while back: https://codereview.chromium.org/2737583002

Seems like we could attempt to use is_official_build now.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8777982503bdf20d27992ded417d64b8a2be081e

commit 8777982503bdf20d27992ded417d64b8a2be081e
Author: Luke Halliwell <halliwell@chromium.org>
Date: Mon Jun 12 15:59:06 2017

[Chromecast] Fix death test failures in official builds

CHECK macro strings are dropped in official builds to save space.

BUG= 594632 

Change-Id: Ic53faaa7480fa3c72a75e9af9c4a658cf05b4cc4
Reviewed-on: https://chromium-review.googlesource.com/530103
Reviewed-by: Stephen Lanham <slan@chromium.org>
Commit-Queue: Luke Halliwell <halliwell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#478642}
[modify] https://crrev.com/8777982503bdf20d27992ded417d64b8a2be081e/chromecast/media/cma/backend/alsa/slew_volume_unittests.cc
[modify] https://crrev.com/8777982503bdf20d27992ded417d64b8a2be081e/chromecast/media/cma/backend/alsa/stream_mixer_alsa_unittest.cc

1.26 release enabled is_official_build