On 2016-04-29 16:23, Jochen Sprickerhof wrote:
Hi,
just saw this commit:
http://git.suckless.org/sites/commit/?id=6e3450a047c5f7eda300f68814f7b1dfd499119e
Can someone (@Christoph) please specify which version of Webkit and
which packaging is meant and what are the symptoms of hell?
Thanks!
Jochen
There are very often serious vulnerabilities in webkit [1] so it is
important to keep your webkit version updated to the newest possible.
Distros tend not to keep their webkit version updated fast enough to
keep you safe [2] so I think it's best to use our own webkit and pull in
latest changes and rebuild it often. (Although this has improved since
the blog post.)
There was an API change between webkit and webkit2; surf uses the
original, and it is not receiving new security updates. There may be
exploits for it in the wild. Therefore the webkit2 version of surf is
very important.
[1] http://webkitgtk.org/security.html
[2] https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/