On Fri, Jun 2, 2017 at 3:58 AM, Adam D. Barratt <[email protected]> wrote: > On 2017-06-02 8:32, Adam D. Barratt wrote: >> There's a huge leap from there to you assuming that SRM will be happy >> to do this without any form of actual discussion. Unblock bugs are >> *not* the way to have that discussion, and two weeks before release is >> a really poor time to attempt to do so.
Respectfully, I am trying to do the best I know how to drive this forward. We all want to keep Debian both stable and secure so let's assume good faith here. If there is a better place to have a discussion than this bug, let me know but it doesn't seem to me to be a particularly wrong place for it either. > Particularly given that the 2.15.0 release was 8 months ago now so there was > plenty of time to have initiated a discussion, rather than leaving it until > almost literally the last minute and assuming it would all be fine. I apologize that I do not have a link to a public discussion, but my understanding is that Alberto Garcia (berto), maintainer of webkit2gtk in Debian and full-time paid developer for webkitgtk for Igalia, tried repeatedly to get the Debian Security team to agree to allowing stretch-security updates of webkit2gtk. If you're told "NO" enough times, you eventually stop asking. Based on the work I've done to help maintain webkit2gtk in Ubuntu, I'm trying to help Debian now. On Fri, Jun 2, 2017 at 4:27 AM, Emilio Pozuelo Monfort <[email protected]> wrote: > Could you list all the known regressions that resulted from these updates in > Ubuntu? I think that would be an interesting data point for this discussion, > so > that we can assess not just the number of regressions, but the severity of > them > and how/if they were fixed (e.g. if upstream cared about these in the cases > that > were reported to them, etc). If you can provide bug#, severity, and a timeline > (e.g. webkit update to -proposed, webkit update to $distro, date of regression > reported, regression fixed) that'd be helpful. There have been no known significant regressions in Ubuntu stable releases since Ubuntu started providing these webkit2gtk updates in September when 2.10.9 was upgraded to 2.12.5. Here are 2 significant regressions that did not affect Ubuntu stable releases: 2.12.4 did have a regression that "caused a hang in the network process after a load failure". 2.12.4 was released August 24 and 2.12.5 fixing those problems was released September 5 (12 days later). 2.14.4 did have a regression in HiDPI support. 2.14.4 was released February 10. The upstream bug was filed that same day. It was fixed in upstream's svn repo February 13. 2.14.5 fixing that regression was released February 15. https://bugs.debian.org/855103 https://bugs.webkit.org/168128 https://mail.gnome.org/archives/distributor-list/2017-February/msg00002.html (public warning on February 13) Thanks, Jeremy
