Bug#864941: release-notes: webkit2gtk not mentioned in https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#864941: release-notes: webkit2gtk not mentioned in https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security
From: Axel Beckert <abe@debian.org>
Date: Sat, 17 Jun 2017 20:13:56 +0200
Message-id: <[🔎] 874lvetrbv.fsf@c-cactus.ontheroad.deuxchevaux.org>
Reply-to: Axel Beckert <abe@debian.org>, 864941@bugs.debian.org

Package: release-notes
Severity: normal
Tags: security

Hi,

https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security
says:

> Therefore, browsers built upon the webkit, qtwebkit and khtml engines
> are included in stretch, but not covered by security support. These
> browsers should not be used against untrusted websites.

But according to
https://jeremy.bicha.net/2017/06/15/stretch-latest-webkitgtk/ the source
package "webkit2gtk" has no "guaranteed security support for webkit2gtk
for Debian 9", too.

Please update that list accordingly.

P.S.: While I have no source, my gut feeling says that
qtwebengine-opensource-src should also be in that list.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#864941: release-notes: webkit2gtk not mentioned in https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security
  - From: Julien Cristau <jcristau@debian.org>