Hey Dmitry, On Fri, Jul 07, 2017 at 02:28:25PM +0300, Dmitry Shachnev wrote: > Control: severity -1 important > > Hi Florian! > > On Fri, Jul 07, 2017 at 12:59:09PM +0200, Florian Bruhin wrote: > > I'll have to disagree with this being a "wishlist" bug - Security wise, > > the old QtWebKit is worse than WebKitGTK 2.4, which gets dropped from > > buster[4] - we're talking about ~3 years of delta from upstream WebKit, > > including all security fixes in that timespan, which are missing from > > the current QtWebKit package. Even if Debian doesn't intend to provide > > security support[5] for QtWebKit, there are various packages depending > > on it which deal with untrusted input. > > I absolutely agree. Bumping the bug severity to important. > > However as I said, we need to focus on Qt 5.7.1 → 5.9.1 transition now, > which still has some blockers. After the transition is done, we will be > able to do some other Qt tasks not directly related to upgrade, i.e. > updating QtWebKit or building QtBase with GL ES support on AArch64. > > I hope we will do the transition within a couple of weeks, but it depends > on my time and amount of other tasks.
Sure, I agree keeping Qt up to date is also important - hope everything goes well with that. Thank you! :) Florian -- https://www.qutebrowser.org | m...@the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
signature.asc
Description: PGP signature
