Security plan for webkit in wheezy

Michael Gilbert michael.s.gilbert at
Wed Feb 2 03:56:29 UTC 2011

Since backporting security patches is a real pain, I was thinking that
it may be wise to stick with the 1.2.x stable branch for as long as
possible during the wheezy development cycle (preferably until the
stable webkit series to be released with wheezy is ready or near
ready).  Hence we can upload the same package to both stable-security
and unstable at the same time, thus eliminating a lot of duplicate
work.  In the meantime newer upstream series can be uploaded to
experimental to appease those that need to be on the bleeding edge.

I understand that this may have some undesired consequences since it
may hold back packages that people want to move fast like epiphany.  But
again, the newer release can be supported in experimental.  However, in
terms of providing a "secure testing", I think this is necessary since
webkit just has so many issues.

In the meantime, I'm trying to push the Debian-specific patches into
the upstream stable release, and I'm going to try to get more involved
in the stable release process there since there are still a bunch of
security patches that need to get applied.

Anyway, just something to think about.

Best wishes,

