[Secure-testing-team] On the supportability of webkit

Yves-Alexis Perez corsac at corsac.net
Mon Dec 21 17:10:08 UTC 2009

Michael Gilbert a écrit :
> Hi all,
> The number of open CVEs for webkit during lenny's lifetime so far has
> been incredibly high. Only rivaled by openjdk and the kernel (at
> times), but those seem to get updates reasonably fast even though there
> are a large number.  Guisseppe has done some good work fixing a large
> number of webkit issues recently, which is great, but still another 19
> remain.
> The root of this problem is that debian does not have access to apple's
> private security list [0].  The thing is that they have already offered
> access in the past (to anyone with a debian.org address) [1], but no one
> stepped up to the plate.  I would take on the responsibility, but I am
> not a DD.
> So, I think at this point, webkit should be strongly considered for
> removal in the next lenny point release (because I don't forsee things
> getting any better any time soon), and possibly from squeeze as well.
> However, this concern could be rendered moot should someone volunteer
> to gain access to the private webkit list.

Were the webkit maintainers aware of that proposal?


More information about the Pkg-webkit-maintainers mailing list