On Mon, Jan 22, 2018 at 02:00:57PM -0500, Danny Milosavljevic wrote: > dannym pushed a commit to branch master > in repository guix. > > commit 8a58182c12193ae27359591c92febfdd602411f4 > Author: Danny Milosavljevic <dan...@scratchpost.org> > Date: Mon Jan 22 17:34:13 2018 +0100 > > gnu: wxwidgets: Use webkitgtk-2.4. > > * gnu/packages/wxwidgets.scm (wxwidgets)[inputs]: Replace "webkitgtk" by > "webkitgtk-2.4".
Hi Danny, What's the reason for this change? Webkitgtk is actively examined and exploited by security researchers. I think we should try not to build wxwidgets with this unmaintained version of webkitgtk. If some application needs wxwidgets with this older webkitgtk, we should make a new package for it and maybe file a bug upstream pointing out the risks of such a dependency. We already have a few such "special" wxwidgets packages.
signature.asc
Description: PGP signature
