Bug#876905: qtwebkit should not be release with buster
On Fri, Mar 22, 2019 at 05:45:56PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> El jue., 21 mar. 2019 09:33, Thierry Fauck@linux.ibm.com <
> thierry@linux.ibm.com> escribió:
>
> > On Tue, 26 Sep 2017 22:15:12 +0300 Adrian Bunk <bunk@debian.org> wrote:
> > > Source: qtwebkit
> > > Version: 2.3.4.dfsg-9.1
> > > Severity: serious
> > > Tags: buster sid
> > >
> > > qtwebkit should not be release with buster
> > > (RC bugs are already open against all r-deps).
> > >
> > >
> >
> > As version 2.3.4.dfsg-10 is part of buster what do we do with that bug ?
>
>
> Truth is we can't even agree inside the team. Some of us think we should
> just remove it alongside whatever hasn't been ported, some think we should
> not.
>
> Now in my *very personal* opinion: even if it's not supported by the
> security team I think it should keep the RC status if released with buster.
> It's a pile of security bugs in one single package.
qtwebkit hasn't been security-supported in any Debian release it was ever
present in. Does it really make sense to remove it now so close to the
buster release (with all kinds of unpreditable fallout on kde4libs).
Wouldn't it be better to wait after the buster release and then agressively
bump all the remaining QT4/KDE4 to RC-severity the day after the buster
release so that automated testing removals can do their magic (and filin
g RM bugs a few months later).
Cheers,
Moritz
Reply to: