Bug#863915: unblock: webkit2gtk/2.16.3-2

Fri Jun 2 13:44:40 UTC 2017

On Fri, Jun 2, 2017 at 3:58 AM, Adam D. Barratt
<adam at adam-barratt.org.uk> wrote:
> On 2017-06-02 8:32, Adam D. Barratt wrote:
>> There's a huge leap from there to you assuming that SRM will be happy
>> to do this without any form of actual discussion. Unblock bugs are
>> *not* the way to have that discussion, and two weeks before release is
>> a really poor time to attempt to do so.

Respectfully, I am trying to do the best I know how to drive this
forward. We all want to keep Debian both stable and secure so let's
assume good faith here. If there is a better place to have a
discussion than this bug, let me know but it doesn't seem to me to be
a particularly wrong place for it either.

> Particularly given that the 2.15.0 release was 8 months ago now so there was
> plenty of time to have initiated a discussion, rather than leaving it until
> almost literally the last minute and assuming it would all be fine.

I apologize that I do not have a link to a public discussion, but my
understanding is that Alberto Garcia (berto), maintainer of webkit2gtk
in Debian and full-time paid developer for webkitgtk for Igalia, tried
repeatedly to get the Debian Security team to agree to allowing
stretch-security updates of webkit2gtk. If you're told "NO" enough
times, you eventually stop asking. Based on the work I've done to help
maintain webkit2gtk in Ubuntu, I'm trying to help Debian now.

On Fri, Jun 2, 2017 at 4:27 AM, Emilio Pozuelo Monfort <pochu at debian.org> wrote:
> Could you list all the known regressions that resulted from these updates in
> Ubuntu? I think that would be an interesting data point for this discussion, so
> that we can assess not just the number of regressions, but the severity of them
> and how/if they were fixed (e.g. if upstream cared about these in the cases that
> were reported to them, etc). If you can provide bug#, severity, and a timeline
> (e.g. webkit update to -proposed, webkit update to $distro, date of regression
> reported, regression fixed) that'd be helpful.

There have been no known significant regressions in Ubuntu stable
releases since Ubuntu started providing these webkit2gtk updates in
September when 2.10.9 was upgraded to 2.12.5.

Here are 2 significant regressions that did not affect Ubuntu stable releases:

2.12.4 did have a regression that "caused a hang in the network
process after a load failure". 2.12.4 was released August 24 and
2.12.5 fixing those problems was released September 5 (12 days later).

2.14.4 did have a regression in HiDPI support. 2.14.4 was released
February 10. The upstream bug was filed that same day. It was fixed in
upstream's svn repo February 13. 2.14.5 fixing that regression was
released February 15.
https://bugs.debian.org/855103
https://bugs.webkit.org/168128
https://mail.gnome.org/archives/distributor-list/2017-February/msg00002.html
(public warning on February 13)

Thanks,
Jeremy