> Hello,
> 
>>The current QtWebkit version in unstable hasn't picked up fixes from
>>Webkit trunk for about 2 years.
> 
> That's mainly because of the freeze, I guess, I'm going to try to update this 
> package for a debian derivative and if possible offer my changes to debian.

Right, that won't solve the fundamental security problem though. There is still
a large lag between Webkit security fixes and QtWebkit major releases.
Not to mention that there will be a freeze before the next stable release again
so it will inherently be outdated again.
Please refrain from forwarding changes to the pkg-kde team for reasons you are
very well aware of.

>>I believe it is better to not have such a browser in the archive but
>>some members of the KDE team disagreed with that when I voiced this concern
>>last year.
> 
>>However no one from the team picked up maintaining the package so I'm
>>now asking for its removal.
> 
> About this, since no one else is willing to maintain it, I was the maintainer 
> when I was part of that "team" but I'm not part of the alioth project anymore, I 
> would keep maintaining it outside the debian qt/kde "team".
> 
> So -in my opinion- please, don't remove this package for now.
> 
> Just for the record: Konqueror can be configured to use both KHTML and qtwebkit
> as browsing engine, so if you remove rekonq, the next step if you want to be
> consistent is either:
> 
> a) Removing qtwebkit from the archive (which is being used by amarok to show 
> the wikipedia page about the artist of the song which you are playing)

From a security POV there is a large difference between rendering Wikipedia pages
and using QtWebkit for a general purpose web browser.

> or 
> 
> b) Keeping qtwebkit for amarok but chopping off the ability of konqueror to 
> choose qtwebkit as browsing engine.

It would certainly be a good idea to ask the maintainers of such packages if they
are aware of the security situation and possibly find a way to convey the
security support status to users.

Cheers,
Felix

