[Secure-testing-team] On the supportability of webkit
Yves-Alexis Perez
corsac at corsac.net
Mon Dec 21 17:10:08 UTC 2009
Michael Gilbert wrote:
> Hi all,
>
> The number of open CVEs for webkit during lenny's lifetime so far has
> been incredibly high. Only rivaled by openjdk and the kernel (at
> times), but those seem to get updates reasonably fast even though there
> are a large number. Guisseppe has done some good work fixing a large
> number of webkit issues recently, which is great, but still another 19
> remain.
>
> The root of this problem is that debian does not have access to apple's
> private security list [0]. The thing is that they have already offered
> access in the past (to anyone with a debian.org address) [1], but no one
> stepped up to the plate. I would take on the responsibility, but I am
> not a DD.
>
> So, I think at this point, webkit should be strongly considered for
> removal in the next lenny point release (because I don't foresee things
> getting any better any time soon), and possibly from squeeze as well.
> However, this concern could be rendered moot should someone volunteer
> to gain access to the private webkit list.
Were the webkit maintainers aware of that proposal?
Cheers,
--
Yves-Alexis