Fwd: Re: Bug#649625: webkit unmaintained security-wise (again)

Micah Gersten micah at ubuntu.com
Thu Jan 26 16:19:28 UTC 2012 

Sorry, I forgot to include the webkit maintainers list and Ubuntu
Security in this.

-------- Original Message --------
Subject: 	Re: Bug#649625: webkit unmaintained security-wise (again)
Date: 	Thu, 26 Jan 2012 10:03:57 -0600
From: 	Micah Gersten <micah at ubuntu.com>
To: 	Gustavo Noronha Silva <kov at debian.org>
CC: 	Simon Paillard <spaillard at debian.org>, Moritz Muehlenhoff
<jmm at debian.org>, mrobinson at webkit.org, debian-security at lists.debian.org



On 12/08/2011 10:38 AM, Gustavo Noronha Silva wrote:
> Hey,
>
> On Mon, 2011-12-05 at 21:00 +0100, Simon Paillard wrote:
>> If the situation persists, it may be worth warning *squeeze* users, through a
>> dedicated DSA/d-security-announce, as well as a dedicated paragraph in the next
>> point release announce ? 
> Yeah, that sounds sane. Unfortunately we (mostly myself) underestimated
> the amount of work that it would take and overestimated the help we
> would get, which is never a good thing.
>
> We briefly discussed this issue during the recent webkit hackfest and we
> are trying to figure out a more sustainable way of providing security
> support. If anyone would like to help, we can nominate people to the
> webkit security mailing list, and have an IRC meeting along with other
> WebKitGTK+ people to see what we could do about this, what do you say?
>
>
In Ubuntu, we need to maintain a stable branch of webkitgtk+ for 5 years
for our upcoming LTS.  That is from Apr 2012 to Apr 2017.  We'll be
using the webkitgtk+ 1.8 branch since it's the most recent with GTK2 and
GTK3 support.  I'd like to find other like minded people to help
maintain this branch.  I assume that if Debian can standardize on 1.8,
that would be helpful for 3.5 years or so (6 months until wheezy
releases, 2 yrs of stable, 1 yr of old stable).  How does this sound to
people?

-- 
Micah Gersten
Ubuntu Security Team




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20120126/fbc60a29/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20120126/fbc60a29/attachment.pgp>

More information about the Pkg-webkit-maintainers mailing list