subject:"\[arch\-general\] gnucash \[aur\]\->\[community\]\?"

Re: [arch-general] gnucash [aur]->[community]?

2017-10-11 Thread Ryan Petris via arch-general

Gnucash 2.7.0 uses webkit2gtk for non-windows builds, though it's
"unstable". I'd imagine it could get moved back to community after that
version is stable.

https://github.com/Gnucash/gnucash/commit/0004a44f5f188d910cf7ab155ed1f0ce7fa1949a


On 10/10/2017 05:01 PM, Eric Blau wrote:
> On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud  
> wrote:
>> On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
>>> While it is true that webkitgtk2 has security vulnerabilities and
>>> should not be used for web browsing, web apps, etc., gnucash merely
>>> uses it to generate reports based on your own data. As such, it's
>>> likely not vulnerable to the same security issues as other web
>>> applications based on it.
>>>
>>> I know the developers are in the process of migrating away from it,
>>> but until that time, I think it should be supported and not dropped
>>> for the above reason.
>>>
>> webkitgtk2 would have do be added back to the repos for this to happen, and 
>> that
>> won't happen. It was a big deal to remove it in the first place.
>>
>> https://www.archlinux.org/todo/phasing-out-webkitgtk2/
> OK, thanks for the response. It's a shame that gnucash is lumped with
> other packages with real attacks possible against them, but I
> understand why it had to be done. Hopefully gnucash can migrate off
> webkitgtk2 quickly and make it back in to the repos.
>
> -Eric




signature.asc
Description: OpenPGP digital signature

Re: [arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Eric Blau

On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud  wrote:
> On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
>>
>> While it is true that webkitgtk2 has security vulnerabilities and
>> should not be used for web browsing, web apps, etc., gnucash merely
>> uses it to generate reports based on your own data. As such, it's
>> likely not vulnerable to the same security issues as other web
>> applications based on it.
>>
>> I know the developers are in the process of migrating away from it,
>> but until that time, I think it should be supported and not dropped
>> for the above reason.
>>
>
> webkitgtk2 would have do be added back to the repos for this to happen, and 
> that
> won't happen. It was a big deal to remove it in the first place.
>
> https://www.archlinux.org/todo/phasing-out-webkitgtk2/

OK, thanks for the response. It's a shame that gnucash is lumped with
other packages with real attacks possible against them, but I
understand why it had to be done. Hopefully gnucash can migrate off
webkitgtk2 quickly and make it back in to the repos.

-Eric

Re: [arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Morten Linderud

On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
> On Tue, Oct 10, 2017 at 3:57 PM, Morten Linderud  wrote:
> > On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
> >> Gnucash has 44 votes on AUR.  It's useful (and very old, stable)
> >> accounting/bookkeeping software.  Would any TUs be willing to migrate it
> >> from AUR to [community]?
> >>
> >> https://aur.archlinux.org/packages/gnucash/
> >
> > It was moved from [extra] on the 30th of june because it still depends on
> > webkitgtk2, which is flawed and has multiple security issues.
> >
> 
> While it is true that webkitgtk2 has security vulnerabilities and
> should not be used for web browsing, web apps, etc., gnucash merely
> uses it to generate reports based on your own data. As such, it's
> likely not vulnerable to the same security issues as other web
> applications based on it.
> 
> I know the developers are in the process of migrating away from it,
> but until that time, I think it should be supported and not dropped
> for the above reason.
> 

webkitgtk2 would have do be added back to the repos for this to happen, and that
won't happen. It was a big deal to remove it in the first place.

https://www.archlinux.org/todo/phasing-out-webkitgtk2/
-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Eric Blau

On Tue, Oct 10, 2017 at 3:57 PM, Morten Linderud  wrote:
> On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
>> Gnucash has 44 votes on AUR.  It's useful (and very old, stable)
>> accounting/bookkeeping software.  Would any TUs be willing to migrate it
>> from AUR to [community]?
>>
>> https://aur.archlinux.org/packages/gnucash/
>
> It was moved from [extra] on the 30th of june because it still depends on
> webkitgtk2, which is flawed and has multiple security issues.
>

While it is true that webkitgtk2 has security vulnerabilities and
should not be used for web browsing, web apps, etc., gnucash merely
uses it to generate reports based on your own data. As such, it's
likely not vulnerable to the same security issues as other web
applications based on it.

I know the developers are in the process of migrating away from it,
but until that time, I think it should be supported and not dropped
for the above reason.

Regards,
Eric

Re: [arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Antonio Rojas

El Tue, 10 Oct 2017 15:49:27 -0400, Ido Rosen escribió:

> Gnucash has 44 votes on AUR.  It's useful (and very old, stable)
> accounting/bookkeeping software.  Would any TUs be willing to migrate it
> from AUR to [community]?
> 
> https://aur.archlinux.org/packages/gnucash/

Not until it is ported away from webkitgtk, which is why it was dropped in the 
first place

Re: [arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Morten Linderud

On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
> Gnucash has 44 votes on AUR.  It's useful (and very old, stable)
> accounting/bookkeeping software.  Would any TUs be willing to migrate it
> from AUR to [community]?
> 
> https://aur.archlinux.org/packages/gnucash/

It was moved from [extra] on the 30th of june because it still depends on
webkitgtk2, which is flawed and has multiple security issues.

-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

[arch-general] gnucash [aur]->[community]?

2017-10-10 Thread Ido Rosen

Gnucash has 44 votes on AUR.  It's useful (and very old, stable)
accounting/bookkeeping software.  Would any TUs be willing to migrate it
from AUR to [community]?

https://aur.archlinux.org/packages/gnucash/

Re: [arch-general] gnucash [aur]->[community]?

Re: [arch-general] gnucash [aur]->[community]?

Re: [arch-general] gnucash [aur]->[community]?

Re: [arch-general] gnucash [aur]->[community]?

Re: [arch-general] gnucash [aur]->[community]?

Re: [arch-general] gnucash [aur]->[community]?

[arch-general] gnucash [aur]->[community]?

7 matches

Site Navigation

Mail list logo

Footer information