Security plan for webkit in wheezy

Gustavo Noronha Silva kov at debian.org
Mon Feb 7 13:01:31 UTC 2011


On Sun, 2011-02-06 at 14:36 -0500, Michael Gilbert wrote:
> > In the meantime, I'm trying to push the debian-specific patches into
> > the upstream stable release, and I'm going to try to get more involved
> > in the stable release process there since there are still a bunch of
> > security patches that need to get applied.
> > 
> > Anyway, just something to think about.
> 
> Are there any thoughts on this idea?  Otherwise, I'd say lets just go
> ahead and make this a quasi-formal plan for the near future.
> 
> So, unstable (and thus wheezy) will stay in sync with the 1.2.x
> releases, and experimental will get the 1.3.x or greater releases
> (even after upstream declares 1.3.x or 1.4.x stable).

I think that you are right in that we should do that if we target a
secure testing. Unfortunately that defeats the purpose of
unstable/testing as our development platforms, and will hinder not only
WebKitGTK+'s testing, but Epiphany's, and of any other package that uses
it, so I don't think that is a good idea - it feels like freezing way
too early. I was planning on pushing webkitgtk 1.3.x down to unstable as
soon as gtk3 lands in there, actually.

I think the best way of keeping unstable/testing secure is to track
upstream closely, and get new versions uploaded quickly - they usually
contain the fixes to the problems already.

Cheers,


-- 
Gustavo Noronha Silva <kov at debian.org>
Debian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20110207/5848eb3b/attachment.pgp>


More information about the Pkg-webkit-maintainers mailing list