On 2016-04-29 16:23, Jochen Sprickerhof wrote:
> Hi,
>
> just saw this commit:
>
> http://git.suckless.org/sites/commit/?id=6e3450a047c5f7eda300f68814f7b1dfd499119e
>
> Can someone (_AT_Christoph) please specify which version of Webkit and
> which
> packaging is meant and what are the symptoms of hell?
>
> Thanks!
>
> Jochen
There are very often serious vulnerabilities in webkit [1] so it is
important to keep your webkit version updated to the newest possible.
Distros tend not to keep their webkit version updated fast enough to
keep you safe [2] so I think it's best to use our own webkit and pull in
latest changes and rebuild it often. (although this has improved since
the blog post).
There was an API change between webkit and webkit2, surf uses the
original and it not receiving new security updates. There may be
exploits for it in the wild. Therefore the webkit2 version of surf is
very important.
[1]
http://webkitgtk.org/security.html
[2]
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
Received on Fri Apr 29 2016 - 20:30:58 CEST