Re: [dev] "Note On Webkit Versions"

From: <rain1_AT_openmailbox.org>
Date: Fri, 29 Apr 2016 19:30:58 +0100

On 2016-04-29 16:23, Jochen Sprickerhof wrote:
> Hi,
>
> just saw this commit:
>
> http://git.suckless.org/sites/commit/?id=6e3450a047c5f7eda300f68814f7b1dfd499119e
>
> Can someone (_AT_Christoph) please specify which version of Webkit and
> which
> packaging is meant and what are the symptoms of hell?
>
> Thanks!
>
> Jochen

There are very often serious vulnerabilities in webkit [1] so it is
important to keep your webkit version updated to the newest possible.

Distros tend not to keep their webkit version updated fast enough to
keep you safe [2] so I think it's best to use our own webkit and pull in
latest changes and rebuild it often. (although this has improved since
the blog post).

There was an API change between webkit and webkit2, surf uses the
original and it not receiving new security updates. There may be
exploits for it in the wild. Therefore the webkit2 version of surf is
very important.

[1] http://webkitgtk.org/security.html
[2]
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
Received on Fri Apr 29 2016 - 20:30:58 CEST

This archive was generated by hypermail 2.3.0 : Fri Apr 29 2016 - 20:36:11 CEST