WebKitGTK+ security and Debian
berto at igalia.com
Sun Feb 21 12:51:44 UTC 2016
as you all know, WebKitGTK+ does not receive security updates in
The reason for that is the lack of security support from upstream and
the difficulty of making backports.
I believe that this is no longer true.
It's been already a while since the WebKitGTK+ team has access to the
upstream security bugs and CVE numbers, and security advisories are
being published since January 2015:
Upstream also has a policy of being conservative with the build
dependencies so newer releases can be built in older operating
I thinks that it should be possible for Debian to provide security
updates for WebKitGTK+ again. What we cannot provide is backports
of individual fixes, but encourage people to switch to the latest
upstream version instead.
What do you people think?
More information about the Pkg-webkit-maintainers