Control: severity -1 important Hi Florian! On Fri, Jul 07, 2017 at 12:59:09PM +0200, Florian Bruhin wrote: > I'll have to disagree with this being a "wishlist" bug - Security wise, > the old QtWebKit is worse than WebKitGTK 2.4, which gets dropped from > buster[4] - we're talking about ~3 years of delta from upstream WebKit, > including all security fixes in that timespan, which are missing from > the current QtWebKit package. Even if Debian doesn't intend to provide > security support[5] for QtWebKit, there are various packages depending > on it which deal with untrusted input. I absolutely agree. Bumping the bug severity to important. However as I said, we need to focus on Qt 5.7.1 → 5.9.1 transition now, which still has some blockers. After the transition is done, we will be able to do some other Qt tasks not directly related to upgrade, i.e. updating QtWebKit or building QtBase with GL ES support on AArch64. I hope we will do the transition within a couple of weeks, but it depends on my time and amount of other tasks. -- Dmitry Shachnev
Attachment:
signature.asc
Description: PGP signature