Bug#864941: release-notes: webkit2gtk not mentioned in https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security
On Sat, Jun 17, 2017 at 20:29:46 +0200, Axel Beckert wrote:
> Julien Cristau wrote:
> > > > Therefore, browsers built upon the webkit, qtwebkit and khtml engines
> > > > are included in stretch, but not covered by security support. These
> > > > browsers should not be used against untrusted websites.
> > >
> > > But according to
> > > https://jeremy.bicha.net/2017/06/15/stretch-latest-webkitgtk/ the source
> > > package "webkit2gtk" has no "guaranteed security support for webkit2gtk
> > > for Debian 9", too.
> > >
> > > Please update that list accordingly.
> > I'm not sure what you think needs updating, webkit is already on the
> > not-supported list?
> webkit is a different source package:
> As is webkitgtk:
> I'm talking about https://packages.qa.debian.org/w/webkit2gtk.html
> And obviously, since "qtwebkit" and "webkit" are both mentioned
> already, the mentioning of "webkit" does not imply any webkit fork as
> otherwise "qtwebkit" wouldn't be in there.
OK. I didn't think that list is intended as a list of source packages.
It does talk about browser engines instead, I believe on purpose, so it
doesn't have to be that specific about source package names (which
wouldn't be much help to most users anyway). Maybe we could make that
clearer. Or indeed update it to actual current source packages.