On 16/01/18 21:56, Róbert Čerňanský wrote: > On Tue, 16 Jan 2018 15:58:11 +0100 > Kristian Fiskerstrand <k...@gentoo.org> wrote: > >> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: >>> Given the situation, we have a choice: Remove GnuCash altogether, or >>> press ahead with recommending a version upstream considers >>> unstable. >> Or 3, discuss with upstream to see if they can release an updated >> version as stable branch. > 4. Mask the vulnerable webkit-gtk. This way: A. User is informed. > B. Manual action is required to continue using such package. > > I see this as the most obvious choice considering that I am still > unable to find any possible attack vector against GnuCash. If it is me > and only me who enters data. Webkit reports are generated from those > data. How can anyone hack me through GnuCash? > > In general, many times users use applications in a way that > vulnerabilities does not apply to their use cases. I would prefer to > be informed and allowed to continue using such application as a part of > the distro. > > Robert > > Forgive my potential misunderstanding here .. but who's actively preventing you from using GnuCash 2.6? You can take a copy locally to /usr/local/portage so that When/If finally it gets removed from the central package 'tree' it will run for you provided its requirements are still met on your system ...
signature.asc
Description: OpenPGP digital signature
