Hi Sune, hi Salvo

On Sun, Feb 16, 2014 at 02:56:10PM +0100, Salvo Tomaselli wrote:
> reopen 739164
> thanks
> 
> > I have no plans to remove Arora from the archive.
> 
> The bug is directed more at the security team than at you, please let one of 
> them respond before taking any action on this.
> 
> By common logic if QtWebkit is a security risk and rekonq had to be removed, 
> it is possible that the same applies to arora. However I don't know if the 
> situation of the library from a security point of view has changed.
> 

AFAIK, rekonq was removed since it is unsupported security-wise but in
addition it was unmaintained. The accumulated reasons led to a
removal of the package. The Wheezy release notes cover the security
status of web browsers more generally:

| 5.2. Security status of web browsers
| 
| Debian 7.0 includes several browser engines which are affected by a
| steady stream of security vulnerabilities. The high rate of
| vulnerabilities and partial lack of upstream support in the form of long
| term branches make it very difficult to support these browsers with
| backported security fixes. Additionally, library interdependencies make
| it impossible to update to newer upstream releases. Therefore, browsers
| built upon the webkit, qtwebkit and khtml engines are included in
| Wheezy, but not covered by security support. These browsers should not
| be used against untrusted websites.
| 
| For general web browser use we recommend browsers building on the
| Mozilla xulrunner engine (Iceweasel and Iceape) or Chromium.
| 
| Xulrunner has had a history of good backportability for older releases
| over the previous release cycles. Chromium - while built upon the Webkit
| codebase - is a leaf package, which will be kept up-to-date by
| rebuilding the current Chromium releases for stable.

 [1] https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#browser-security

So such browsers might still be kept in the archive, under the condition
that they are maintained. But security-wise they will not be supported and
thus should only be used against trusted websites.

Regards,
Salvatore
