On Thu, 2016-07-21 at 22:04 +0200, Carlos Alberto Lopez Perez wrote: > Debian is already taking our updates: WebKitGTK+ 2.12 is available on > the backports repository for stable.
This hardly counts. Users don't realize the only safe way to use WebKit is to enable the backports repository.... I gave some comments on Debian's policy at [1] (scroll down to the Debian heading) which is good enough for me, as I'm not a Debian developer. Regardless, you're right, I'm pretty sure your suggested policy is better than mine. I would tweak it slightly: * We support each major Debian version until one year after the release of the next major version. * We support each Ubuntu LTS until one year after the release of the next Ubuntu LTS. In practice, it means we don't depend on anything newer than about three years old, whereas with your original proposal it would be about two years. This makes it possible for distros to do security updates for while longer. Sound good? We can always consider extending this period in the future if a major distro wants to provide security updates for longer than three years, but it's a moot point right now. Michael [1] https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/ _______________________________________________ webkit-gtk mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-gtk
