Release notes entry for web browser security support
Julien Cristau
jcristau at debian.org
Wed Feb 2 18:33:27 UTC 2011
On Mon, Jan 10, 2011 at 20:56:01 +0100, Moritz Muehlenhoff wrote:
> State of browser support
>
> Debian Squeeze includes several browser engines which are affected by a frequent
> stream of security vulnerabilities. The high rate of vulnerabilities
> and lack of upstream support in the form of long term branches make it
> close to impossible to support these browsers with backported security
> fixes. Additionally, library interdepencies make it impossible to update to newer
> upstream releases. As such, browsers built upon the webkit, qtwebkit
> and khtml engines are included in Squeeze, but not covered by full security
> support. We will make an effort to track down and backport security fixes,
> but in general these browsers should not be used against untrusted websites.
>
> For general web browser use we recommend browsers building on the
> Mozilla xulrunner engine (Iceweasel and Iceape) or Chromium. Xulrunner
> has had a history of good backportability for older releases over the
> previous release cycles.
>
> Chromium - while build upon the Webkit codebase - is a leaf package, i.e.
> if backporting becomes no longer feasible, there's still the possibility of
> upgrading to a later upstream release (which is not possible for the
> webkit library itself).
>
Should I include this in the release notes then, or does the webkit part
need changes?
Cheers,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20110202/a47c9f2b/attachment.pgp>
More information about the Pkg-webkit-maintainers
mailing list