| Main Archive Page > Month Archives > debian-security archives |
Re: Bug#649625: webkit unmaintained security-wise (again)
From: Micah Gersten <micah_at_nospam>Date: Thu Jan 26 2012 - 16:03:57 GMT
To: Gustavo Noronha Silva <kov@debian.org>
On 12/08/2011 10:38 AM, Gustavo Noronha Silva wrote:
> Hey,
>
> On Mon, 2011-12-05 at 21:00 +0100, Simon Paillard wrote:
>> If the situation persists, it may be worth warning *squeeze* users, through a
>> dedicated DSA/d-security-announce, as well as a dedicated paragraph in the next
>> point release announce ?
> Yeah, that sounds sane. Unfortunately we (mostly myself) underestimated
> the amount of work that it would take and overestimated the help we
> would get, which is never a good thing.
>
> We briefly discussed this issue during the recent webkit hackfest and we
> are trying to figure out a more sustainable way of providing security
> support. If anyone would like to help, we can nominate people to the
> webkit security mailing list, and have an IRC meeting along with other
> WebKitGTK+ people to see what we could do about this, what do you say?
>
>
In Ubuntu, we need to maintain a stable branch of webkitgtk+ for 5 years
for our upcoming LTS. That is from Apr 2012 to Apr 2017. We'll be
using the webkitgtk+ 1.8 branch since it's the most recent with GTK2 and
GTK3 support. I'd like to find other like minded people to help
maintain this branch. I assume that if Debian can standardize on 1.8,
that would be helpful for 3.5 years or so (6 months until wheezy
releases, 2 yrs of stable, 1 yr of old stable). How does this sound to
people?
-- Micah Gersten Ubuntu Security Team
-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/4F21796D.3050708@ubuntu.com