On 12/08/2011 10:38 AM, Gustavo Noronha Silva wrote: > Hey, > > On Mon, 2011-12-05 at 21:00 +0100, Simon Paillard wrote: >> If the situation persists, it may be worth warning *squeeze* users, through a >> dedicated DSA/d-security-announce, as well as a dedicated paragraph in the next >> point release announce ? > Yeah, that sounds sane. Unfortunately we (mostly myself) underestimated > the amount of work that it would take and overestimated the help we > would get, which is never a good thing. > > We briefly discussed this issue during the recent webkit hackfest and we > are trying to figure out a more sustainable way of providing security > support. If anyone would like to help, we can nominate people to the > webkit security mailing list, and have an IRC meeting along with other > WebKitGTK+ people to see what we could do about this, what do you say? > > In Ubuntu, we need to maintain a stable branch of webkitgtk+ for 5 years for our upcoming LTS. That is from Apr 2012 to Apr 2017. We'll be using the webkitgtk+ 1.8 branch since it's the most recent with GTK2 and GTK3 support. I'd like to find other like minded people to help maintain this branch. I assume that if Debian can standardize on 1.8, that would be helpful for 3.5 years or so (6 months until wheezy releases, 2 yrs of stable, 1 yr of old stable). How does this sound to people? -- Micah Gersten Ubuntu Security Team
Attachment:
signature.asc
Description: OpenPGP digital signature