WebKitGTK+ security and Debian

Alberto Garcia berto at igalia.com
Sun Feb 21 12:51:44 UTC 2016


as you all know, WebKitGTK+ does not receive security updates in

The reason for that is the lack of security support from upstream and
the difficulty of making backports.

I believe that this is no longer true.

It's been already a while since the WebKitGTK+ team has access to the
upstream security bugs and CVE numbers, and security advisories are
being published since January 2015:


Upstream also has a policy of being conservative with the build
dependencies so newer releases can be built in older operating

I thinks that it should be possible for Debian to provide security
updates for WebKitGTK+ again. What we cannot provide is backports
of individual fixes, but encourage people to switch to the latest
upstream version instead.

Further reading:


What do you people think?


More information about the Pkg-webkit-maintainers mailing list