Release notes entry for web browser security support

Moritz Mühlenhoff jmm at inutil.org
Wed Jan 12 19:50:13 UTC 2011


On Mon, Jan 10, 2011 at 06:47:21PM -0500, Michael Gilbert wrote:
> On Tue, 11 Jan 2011 00:40:42 +0100, Moritz Muehlenhoff wrote:
> > On Mon, Jan 10, 2011 at 11:12:39PM +0100, Josselin Mouette wrote:
> > > Heya,
> > > 
> > > On Monday, 10 January 2011 at 20:56 +0100, Moritz Muehlenhoff wrote:
> > > > As such, browsers built upon the webkit, qtwebkit
> > > > and khtml engines are included in Squeeze, but not covered by full security 
> > > > support. We will make an effort to track down and backport security fixes,
> > > > but in general these browsers should not be used against untrusted websites.
> > > 
> > > I was under the impression that upstream promised long-term maintenance
> > > for the webkit 1.2 branch. It is one of the reasons for which epiphany
> > > was kept as the default browser for GNOME. Is that no longer true?
> > 
> > I couldn't find that branch on http://trac.webkit.org/browser , but some
> > digging revealed that there's in fact a stable branch maintained elsewhere:
> > http://gitorious.org/webkitgtk/stable/commits/master
> 
> Also http://webkitgtk.org/?page=download.  1.2.6 is now available
> there (vice 1.2.5 in squeeze/sid), and I was going to look at packaging
> it. Not sure if it would be accepted for squeeze at this point though.
> However, it does look like it fixes a bunch of security issues.

IMO, the same policy should apply as for xulrunner, i.e. introducing the new
stable point releases (as long as they don't break the API, of course).

Michael, the security tracker is full of webkit issues which are marked
as <undetermined>; could you check/update which of these are fixed by
the 1.2.6 version Gustavo uploaded?

Cheers,
        Moritz



More information about the Pkg-webkit-maintainers mailing list