Michael Gilbert a écrit : > Hi all, > > The number of open CVEs for webkit during lenny's lifetime so far has > been incredibly high. Only rivaled by openjdk and the kernel (at > times), but those seem to get updates reasonably fast even though there > are a large number. Guisseppe has done some good work fixing a large > number of webkit issues recently, which is great, but still another 19 > remain. > > The root of this problem is that debian does not have access to apple's > private security list [0]. The thing is that they have already offered > access in the past (to anyone with a debian.org address) [1], but no one > stepped up to the plate. I would take on the responsibility, but I am > not a DD. > > So, I think at this point, webkit should be strongly considered for > removal in the next lenny point release (because I don't forsee things > getting any better any time soon), and possibly from squeeze as well. > However, this concern could be rendered moot should someone volunteer > to gain access to the private webkit list.
Were the webkit maintainers aware of that proposal? Cheers, -- Yves-Alexis _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
