Hi,
FWIW, Fedora also updated their packages[1], and Archlinux had a
qt5-webkit-ng package[2] since January, which recently got merged[3]
back into the main qt5-webkit package.
I'll have to disagree with this being a "wishlist" bug - Security wise,
the old QtWebKit is worse than WebKitGTK 2.4, which gets dropped from
buster[4] - we're talking about ~3 years of delta from upstream WebKit,
including all security fixes in that timespan, which are missing from
the current QtWebKit package. Even if Debian doesn't intend to provide
security support[5] for QtWebKit, there are various packages depending
on it which deal with untrusted input.
There's also a lot of other bugfixes; a lot of websites break or
segfault with the legacy QtWebKit package.
Florian
[1] http://lupinix.blogspot.ch/2017/06/improving-qtwebkit-security-for-fedora.html
[2] https://lists.archlinux.org/pipermail/arch-dev-public/2017-January/028656.html
[3] https://lists.archlinux.org/pipermail/arch-dev-public/2017-June/028895.html
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866671
[5] https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security
--
https://www.qutebrowser.org | me@the-compiler.org (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
I love long mails! | https://email.is-not-s.ms/
Attachment:
signature.asc
Description: PGP signature