On Sun, May 28, 2017 at 09:32:23PM -0400, Jeremy Bicha wrote: > > The good news is that the first kind of problems are detected and > > fixed immediately, so waiting a couple of weeks before uploading > > the releases to debian-security could be an option (is that what > > Ubuntu does?). > > For the past 9 months, the development version of Ubuntu tests the > beta versions of the new major webkit2gtk release (for instance > Zesty tested the 2.15.90 releases). This has been useful in catching > regressions before they ever hit a stable webkit2gtk release. > > If a webkit2gtk release fixes publicized CVEs, the release is now > pushed as a security update into Ubuntu Stable Releases fairly > quickly.
The problem is that point releases with fixes for CVEs can also introduce regressions (#855103, introduced in 2.14.4). That one was fixed quickly, though, but that's why I was asking. Berto
