On 2010-08-31, Moritz Muehlenhoff <[email protected]> wrote: > We would need to check how these packages use webkit, maybe they can be > adapted.
I would really like if we could describe gtkwebkit as gtkwebkit, rather than using 'webkit' (which is the common codebase used by gtk people, by nokia/Qt, by chrome, by safari, maybe also by RIM). Just because the gnome/gtk world once again stomps over 'common namespaces' shouldn't give them any special advantcages. > The following packages contain webkit or have a webkit heritage: > > kdelibs/kdelibs4: Only few webkit issues also affect khtml, since the > code bases have forked away from each other quite some time ago and > webkit has seen lots of changes and rewrites. It is the other way around. webkit has a KHTML heritage. They have been taking very different ways, and filing webkit security issues against khtml packages is just pretty useless. > qt4: It embeds a webkit copy, but does any application in the archive > use it? It seems as if Nokia doesn't systematically track security Arora, rekonq, KDE Plasma Desktop, KDE Plasma Netbook, maybe kmail, merkaartor, kpart-webkit, (just from the top of my head) > issues either. If the webkit version embedded is the same as the > webkit version in Debian it might be straightforward to carry the > patches over. The alternative: Mark QT4 as unsupported security-wise. > Webkit: Patches need to be backported, but we need more maintainers > involved and commited to backporting patches. A few people need to > step up and commit to it, otherwise it's bound to fail for Squeeze > as it failed for Lenny. Most of all these webkit things have very different branchpoints and actual codebases. Different java script engines. Different frontends. Different security issues. But until nokia, google, apple and others agree on a actual shared release of a webcore/javascriptcore library, things won't really change in this regard. And I see no real movement in that direction either. /Sune -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
