I've spent some time investigating the possibility of replacing QtWebkit with
the Ubuntu.Web module (which internally uses Oxide), but the task looks far
from trivial, and we should consider whether the request is worth the effort.
There are also two points to consider:
1) While indeed Oxide would be the safest bet from a security point of view, we
use this webview for showing service login portals, which typically are safe to
browse as they don't include third party content where malicious code could
reside.
2) Oxide only works in x86-64, i386 and armhf architectures
Summing up, while I think we should be definitely moving towards the
goal of not using QtWebkit1, I don't see a critical urgency of doing
this for the LTS. So I'll be working on this bug as time permits, unless
of course more reasons for the urgency are given.
** Changed in: signon-ui (Ubuntu)
Importance: Undecided => Medium
** Changed in: signon-ui (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to signon-ui in Ubuntu.
https://bugs.launchpad.net/bugs/1547647
Title:
CRITICAL: please remove libqt5webkit dependancy
Status in signon-ui package in Ubuntu:
Confirmed
Bug description:
signon-ui-x11(http://packages.ubuntu.com/xenial/signon-ui-x11) depends
on libqt5webkit5
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-
updates/
Can it be resolved so new LTS wont be released with known webkit1
bugs/security exploits?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/signon-ui/+bug/1547647/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
