please consider removing webkitgtk
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
webkitgtk (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Hello, WebKitGTK+ has recently started issuing regular security
updates[1]. These updates have been made available for the "webkit2"
version of WebKitGTK+, which is our webkit2gtk package. In a progress
report about the updates[2] Michael Catanzaro has asked distributions
to stop shipping the older version. The post includes, in part:
> [T]his old version of WebKit is affected by over 200 known
> vulnerabilities and really has to go sooner rather than later. We’ve
> agreed to remove WebKitGTK+ 2.4 and its dependencies from Fedora rawhide
> right after Fedora 26 is branched next month, so they will no longer be
> present in Fedora 27 (targeted for release in November).
It'd be nice to follow suit so that we don't ship this version of WebKit
in 18.04 LTS.
This transition may not be easy:
$ reverse-depends src:webkitgtk
Reverse-Depends
===============
* apvlv (for libwebkitgtk-3.0-0)
* balsa (for libjavascriptco
* balsa (for libwebkitgtk-1.0-0)
* banshee (for libwebkitgtk-1.0-0)
* bibledit-gtk (for libwebkitgtk-1.0-0)
* bijiben (for libwebkitgtk-3.0-0)
* cairo-dock-plug-ins (for libwebkitgtk-3.0-0)
* cinnamon (for gir1.2-
* cinnamon-
* claws-mail-
* cyclograph-gtk3 (for gir1.2-webkit-3.0)
* emacs25 (for libwebkitgtk-3.0-0)
* empathy (for libwebkitgtk-3.0-0)
* geany-plugin-
* geany-plugin-
* geany-plugin-
* geary (for libwebkitgtk-3.0-0)
* gnome-web-photo (for libwebkitgtk-3.0-0)
* gnucash (for libwebkitgtk-1.0-0)
* gphpedit (for libwebkitgtk-1.0-0)
* gtkpod (for libwebkitgtk-3.0-0)
* guitarix (for libwebkitgtk-1.0-0)
* libwebkit1.1-cil (for libwebkitgtk-1.0-0)
* libwebkitgtk3.0-cil (for libwebkitgtk-3.0-0)
* libwxgtk-
* liferea (for libwebkitgtk-3.0-0)
* lightdm-
* lightdm-
* luakit (for libjavascriptco
* luakit (for libwebkitgtk-1.0-0)
* maildir-utils-extra (for libwebkitgtk-3.0-0)
* midori (for libwebkitgtk-1.0-0)
* midori (for libjavascriptco
* monodevelop (for libwebkitgtk-1.0-0)
* node-topcube (for libwebkitgtk-1.0-0)
* osmo (for libwebkitgtk-1.0-0)
* python-webkit (for libwebkitgtk-1.0-0)
* ruby-webkit-gtk (for gir1.2-webkit-3.0)
* sugar-read-activity (for gir1.2-webkit-3.0)
* surf (for libjavascriptco
* surf (for libwebkitgtk-3.0-0)
* thawab (for gir1.2-webkit-3.0)
* typecatcher (for gir1.2-webkit-3.0)
* ubuntu-
* uzbl (for libwebkitgtk-1.0-0)
* uzbl (for libjavascriptco
* variety (for gir1.2-webkit-3.0)
* webkit-image-gtk (for libwebkitgtk-1.0-0)
* webkit2pdf (for libwebkitgtk-1.0-0)
* xiphos (for libwebkitgtk-3.0-0)
* xombrero (for libjavascriptco
* xombrero (for libwebkitgtk-3.0-0)
* xtrkcad (for libwebkitgtk-1.0-0)
* zekr (for libwebkitgtk-1.0-0)
The Fedora plans include removing all packages that aren't upgraded[3]:
> Dependencies that are not updated to use modern WebKit will not be
> present in Fedora 27.
Thanks
1: https:/
2: https:/
3: https:/
I looked a bit at this, and there seems to be some ongoing work to remove this package in bug 1588150. So I wonder whether this should be marked as a duplicate?