WebKitGTK+ security and Debian

Alberto Garcia berto at igalia.com
Thu Feb 25 21:18:27 UTC 2016


On Thu, Feb 25, 2016 at 09:05:29PM +0100, Emilio Pozuelo Monfort wrote:

> >> I agree. It'd be good to at the very least, update to point
> >> releases in stable, as you did with 2.4.9. Upgrading to a major
> >> version, e.g. doing webkit2gtk 2.6.x -> 2.10.x would be more
> >> problematic as there is potential to break the rdeps. I don't
> >> think the SRMs would approve that.
> > 
> > The idea is that the API is stable in order to keep the rdeps
> > fine, but it's of course more risky than cherry picking one or two
> > patches.
> 
> Yeah. My point is that a huge set of changes across major versions
> is more likely to break rdeps than a few set of bug fixes across
> micro version updates.

Ok, I'll start with a backport then when the next stable version is
out (probably in a few days).

> > I wonder btw if the switch to -dbgsym would get in the way:
> > 
> > https://anonscm.debian.org/cgit/pkg-webkit/webkit.git/commit/?h=wk2/unstable&id=39d223f2934b3bab6c5e2501234ea34afb33ca0a
> > 
> > What would we do in the backports? Disable the debug packages
> > entirely?
> 
> Yeah, or revert that.

I'd rather disable them, I don't want to have -dbg packages newer than
2.10.5-1~

Berto



More information about the Pkg-webkit-maintainers mailing list