Release notes entry for web browser security support

Mike Hommey mh at glandium.org
Wed Jan 12 19:58:18 UTC 2011


On Wed, Jan 12, 2011 at 08:50:13PM +0100, Moritz Mühlenhoff wrote:
> On Mon, Jan 10, 2011 at 06:47:21PM -0500, Michael Gilbert wrote:
> > On Tue, 11 Jan 2011 00:40:42 +0100, Moritz Muehlenhoff wrote:
> > > On Mon, Jan 10, 2011 at 11:12:39PM +0100, Josselin Mouette wrote:
> > > > Heya,
> > > > 
> > > > On Monday, 10 January 2011 at 20:56 +0100, Moritz Muehlenhoff wrote:
> > > > > As such, browsers built upon the webkit, qtwebkit
> > > > > and khtml engines are included in Squeeze, but not covered by full security 
> > > > > support. We will make an effort to track down and backport security fixes,
> > > > > but in general these browsers should not be used against untrusted websites.
> > > > 
> > > > I was under the impression that upstream promised long-term maintenance
> > > > for the webkit 1.2 branch. It is one of the reasons for which epiphany
> > > > was kept as the default browser for GNOME. Is that no longer true?
> > > 
> > > I couldn't find that branch on http://trac.webkit.org/browser , but some
> > > digging revealed that there's in fact a stable branch maintained elsewhere:
> > > http://gitorious.org/webkitgtk/stable/commits/master
> > 
> > Also http://webkitgtk.org/?page=download.  1.2.6 is now available
> > there (vice 1.2.5 in squeeze/sid), and I was going to look at packaging
> > it. Not sure if it would be accepted for squeeze at this point though.
> > However, it does look like it fixes a bunch of security issues.
> 
> IMO, the same policy should apply as for xulrunner, i.e. introducing the new
> stable point releases (as long as they don't break the API, of course).

Note that that has been the policy for xulrunner 1.9 in Lenny until upstream
dropped support. For squeeze I'm planning not to follow this policy.

Mike



More information about the Pkg-webkit-maintainers mailing list