WebKitGTK+ security and Debian
Alberto Garcia
berto at igalia.com
Sun Feb 21 12:51:44 UTC 2016
Hi,
as you all know, WebKitGTK+ does not receive security updates in
Debian.
The reason for that is the lack of security support from upstream and
the difficulty of making backports.
I believe that this is no longer true.
It's been already a while since the WebKitGTK+ team has access to the
upstream security bugs and CVE numbers, and security advisories are
being published since January 2015:
http://webkitgtk.org/security/WSA-2015-0001.html
Upstream also has a policy of being conservative with the build
dependencies so newer releases can be built in older operating
systems.
I thinks that it should be possible for Debian to provide security
updates for WebKitGTK+ again. What we cannot provide is backports
of individual fixes, but encourage people to switch to the latest
upstream version instead.
Further reading:
https://blogs.gnome.org/mcatanzaro/2016/02/19/webkitgtk-gets-security-updates/
What do you people think?
Berto
More information about the Pkg-webkit-maintainers
mailing list