Release notes entry for web browser security support

Julien Cristau jcristau at
Wed Feb 2 18:33:27 UTC 2011

On Mon, Jan 10, 2011 at 20:56:01 +0100, Moritz Muehlenhoff wrote:

> State of browser support
> Debian Squeeze includes several browser engines which are affected by a frequent
> stream of security vulnerabilities. The high rate of vulnerabilities
> and lack of upstream support in the form of long term branches make it
> close to impossible to support these browsers with backported security
> fixes. Additionally, library interdependencies make it impossible to update to newer
> upstream releases. As such, browsers built upon the webkit, qtwebkit
> and khtml engines are included in Squeeze, but not covered by full security 
> support. We will make an effort to track down and backport security fixes,
> but in general these browsers should not be used against untrusted websites.
> For general web browser use we recommend browsers building on the 
> Mozilla xulrunner engine (Iceweasel and Iceape) or Chromium. Xulrunner
> has had a history of good backportability for older releases over the
> previous release cycles.
> Chromium - while built upon the Webkit codebase - is a leaf package, i.e.
> if backporting becomes no longer feasible, there's still the possibility of
> upgrading to a later upstream release (which is not possible for the
> webkit library itself).

Should I include this in the release notes then, or does the webkit part
need changes?

