2017-01-18 23:42 GMT+01:00 Jan Alexander Steffens via arch-dev-public < arch-dev-public@archlinux.org>:
To protect our users we should try to limit the packages using webkitgtk(2), with the goal of eventually getting rid of it completely. I propose making a TODO that covers all these packages, with the following policy:

- If it can be updated to webkit2gtk, do so.
- Otherwise, if WebKit is an optional dependency, build without it.
- Otherwise, consider removing the package, especially if it's a browser.

Thoughts?

+1

I think we should drop every application that uses WebkitGTK+ to render HTML content from insecure sources (e.g. allows loading web pages or opening any local HTML files). If an application loads some internal HTML content only, and there is no alternative renderer, then it's okay to keep it.

We should consider the same thing for qtwebkit, which is unmaintained too, but it affects many more packages.

About my packages:

- blam, gnome-web-photo, screenlets, screenlets-pack-basic: these have been unmaintained by upstream for a long time, therefore I'll drop them.
- sparkleshare, webkitgtk-sharp: git master uses webkit2gtk (through webkit2-sharp), so I'll update sparkleshare, and drop webkitgtk-sharp.
- pywebkitgtk: I'll orphan this package, still used by others.

--
György Balló
Trusted User