Hi, FWIW, Fedora also updated their packages[1], and Archlinux had a qt5-webkit-ng package[2] since January, which recently got merged[3] back into the main qt5-webkit package.
I'll have to disagree with this being a "wishlist" bug - Security wise, the old QtWebKit is worse than WebKitGTK 2.4, which gets dropped from buster[4] - we're talking about ~3 years of delta from upstream WebKit, including all security fixes in that timespan, which are missing from the current QtWebKit package. Even if Debian doesn't intend to provide security support[5] for QtWebKit, there are various packages depending on it which deal with untrusted input. There's also a lot of other bugfixes; a lot of websites break or segfault with the legacy QtWebKit package. Florian [1] http://lupinix.blogspot.ch/2017/06/improving-qtwebkit-security-for-fedora.html [2] https://lists.archlinux.org/pipermail/arch-dev-public/2017-January/028656.html [3] https://lists.archlinux.org/pipermail/arch-dev-public/2017-June/028895.html [4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866671 [5] https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security -- https://www.qutebrowser.org | m...@the-compiler.org (Mail/XMPP) GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
signature.asc
Description: PGP signature