On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud <foxboron@archlinux.org> wrote:
On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
While it is true that webkitgtk2 has security vulnerabilities and should not be used for web browsing, web apps, etc., gnucash merely uses it to generate reports based on your own data. As such, it's likely not vulnerable to the same security issues as other web applications based on it.
I know the developers are in the process of migrating away from it, but until that time, I think it should be supported and not dropped for the above reason.
webkitgtk2 would have do be added back to the repos for this to happen, and that won't happen. It was a big deal to remove it in the first place.
OK, thanks for the response. It's a shame that gnucash is lumped with other packages with real attacks possible against them, but I understand why it had to be done. Hopefully gnucash can migrate off webkitgtk2 quickly and make it back in to the repos. -Eric