
Re: Release notes entry for web browser security support



On Mon, Jan 10, 2011 at 20:56:01 +0100, Moritz Muehlenhoff wrote:

> State of browser support
> 
> Debian Squeeze includes several browser engines which are affected by a frequent
> stream of security vulnerabilities. The high rate of vulnerabilities
> and lack of upstream support in the form of long term branches make it
> close to impossible to support these browsers with backported security
> fixes. Additionally, library interdependencies make it impossible to update to newer
> upstream releases. As such, browsers built upon the webkit, qtwebkit
> and khtml engines are included in Squeeze, but not covered by full security 
> support. We will make an effort to track down and backport security fixes,
> but in general these browsers should not be used against untrusted websites.
> 
> For general web browser use we recommend browsers building on the 
> Mozilla xulrunner engine (Iceweasel and Iceape) or Chromium. Xulrunner
> has had a history of good backportability for older releases over the
> previous release cycles.
> 
> Chromium - while built upon the Webkit codebase - is a leaf package, i.e.
> if backporting becomes no longer feasible, there's still the possibility of
> upgrading to a later upstream release (which is not possible for the
> webkit library itself).
> 
Should I include this in the release notes then, or does the webkit part
need changes?

Cheers,
Julien
