
Bug#990940: release-notes: wpewebkit to be covered by security support in bullseye



Alberto Garcia wrote:
> Debian provides security support for the WebKitGTK browser engine
> (source package: webkit2gtk). For bullseye we also want to support
> wpewebkit, which is developed by the same team, follows a very similar
> release schedule and numbering system, shares most of the code and
> almost all CVE fixes apply to both ports.
> 
> See #990754 for more details.

Buster users reading this ought to be able to work out that "uses
webkit2gtk" means "Depends: libwebkit2gtk-X.Y-Z", but wpewebkit is
more obscure: nobody preparing a dist-upgrade is going to learn
anything about it with APT searches on buster.  Can we add some hint
that it's new in bullseye?
 
> I'm attaching a patch for the release notes.

> diff --git a/en/issues.dbk b/en/issues.dbk
> index 5f177f54..9fb6861d 100644
> --- a/en/issues.dbk
> +++ b/en/issues.dbk
> @@ -483,12 +483,13 @@ data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
>  	  source packages and the concern applies to all packages shipping
>  	  them. The concern also extends to web rendering engines not explicitly
>  	  mentioned here, with the exception of <systemitem
> -	  role="source">webkit2gtk</systemitem>.</para></footnote> are included in
> -	  &releasename;, but not
> -	  covered by security support. These browsers should not be used against
> -	  untrusted websites.
> -	  The <systemitem role="source">webkit2gtk</systemitem> source package is
> -	  covered by security support.
> +	  role="source">webkit2gtk</systemitem> and <systemitem
> +	  role="source">wpewebkit</systemitem>.</para></footnote> are included in
> +	  &releasename;, but not covered by security support. These
> +          browsers should not be used against untrusted websites.
> +	  The <systemitem role="source">webkit2gtk</systemitem> and
> +          <systemitem role="source">wpewebkit</systemitem> source
> +          packages are covered by security support.
>  	</para>
>  	<para>
>  	  For general web browser use we recommend Firefox or Chromium.
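
Review bot: three of the added lines ("browsers should not be used against untrusted websites.", the second "<systemitem role="source">wpewebkit</systemitem> source" line, and "packages are covered by security support.") are indented with spaces only, while the unchanged context and the other added lines in this paragraph use a tab followed by two spaces. Re-indent those three lines with a tab plus two spaces so the paragraph stays consistent. The re-wrapping of "&releasename;, but not covered by security support. These browsers ..." also touches lines whose wording does not change; keeping the original line breaks there would limit the diff to the two places where wpewebkit is actually added.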

If we can refer to "webkit" and "khtml" (in the previous line) and
"Firefox" and "Chromium" (below) without special markup, it's not
clear why we need to make such a big deal about "*webkit2gtk*" and
"*wpewebkit*" being source package names.  I would suggest just:

   	  mentioned here, with the exception of webkit2gtk and
          the new wpewebkit.</para></footnote> are included in
	  &releasename;, but not covered by security support. These
          browsers should not be used against untrusted websites.
	  The webkit2gtk and wpewebkit engines
          <emphasis>are</emphasis> covered by security support.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

