[arch-general] gnucash [aur]->[community]?
Gnucash has 44 votes on AUR. It's useful (and very old, stable) accounting/bookkeeping software. Would any TUs be willing to migrate it from AUR to [community]? https://aur.archlinux.org/packages/gnucash/
On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
Gnucash has 44 votes on AUR. It's useful (and very old, stable) accounting/bookkeeping software. Would any TUs be willing to migrate it from AUR to [community]?
It was moved from [extra] on the 30th of june because it still depends on webkitgtk2, which is flawed and has multiple security issues. -- Morten Linderud PGP: 9C02FF419FECBE16
On Tue, Oct 10, 2017 at 3:57 PM, Morten Linderud <morten@linderud.pw> wrote:
On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
Gnucash has 44 votes on AUR. It's useful (and very old, stable) accounting/bookkeeping software. Would any TUs be willing to migrate it from AUR to [community]?
It was moved from [extra] on the 30th of june because it still depends on webkitgtk2, which is flawed and has multiple security issues.
While it is true that webkitgtk2 has security vulnerabilities and should not be used for web browsing, web apps, etc., gnucash merely uses it to generate reports based on your own data. As such, it's likely not vulnerable to the same security issues as other web applications based on it. I know the developers are in the process of migrating away from it, but until that time, I think it should be supported and not dropped for the above reason. Regards, Eric
On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
On Tue, Oct 10, 2017 at 3:57 PM, Morten Linderud <morten@linderud.pw> wrote:
On Tue, Oct 10, 2017 at 03:49:27PM -0400, Ido Rosen wrote:
Gnucash has 44 votes on AUR. It's useful (and very old, stable) accounting/bookkeeping software. Would any TUs be willing to migrate it from AUR to [community]?
It was moved from [extra] on the 30th of june because it still depends on webkitgtk2, which is flawed and has multiple security issues.
While it is true that webkitgtk2 has security vulnerabilities and should not be used for web browsing, web apps, etc., gnucash merely uses it to generate reports based on your own data. As such, it's likely not vulnerable to the same security issues as other web applications based on it.
I know the developers are in the process of migrating away from it, but until that time, I think it should be supported and not dropped for the above reason.
webkitgtk2 would have do be added back to the repos for this to happen, and that won't happen. It was a big deal to remove it in the first place. https://www.archlinux.org/todo/phasing-out-webkitgtk2/ -- Morten Linderud PGP: 9C02FF419FECBE16
On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud <foxboron@archlinux.org> wrote:
On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
While it is true that webkitgtk2 has security vulnerabilities and should not be used for web browsing, web apps, etc., gnucash merely uses it to generate reports based on your own data. As such, it's likely not vulnerable to the same security issues as other web applications based on it.
I know the developers are in the process of migrating away from it, but until that time, I think it should be supported and not dropped for the above reason.
webkitgtk2 would have do be added back to the repos for this to happen, and that won't happen. It was a big deal to remove it in the first place.
OK, thanks for the response. It's a shame that gnucash is lumped with other packages with real attacks possible against them, but I understand why it had to be done. Hopefully gnucash can migrate off webkitgtk2 quickly and make it back in to the repos. -Eric
Gnucash 2.7.0 uses webkit2gtk for non-windows builds, though it's "unstable". I'd imagine it could get moved back to community after that version is stable. https://github.com/Gnucash/gnucash/commit/0004a44f5f188d910cf7ab155ed1f0ce7f... On 10/10/2017 05:01 PM, Eric Blau wrote:
On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud <foxboron@archlinux.org> wrote:
On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
While it is true that webkitgtk2 has security vulnerabilities and should not be used for web browsing, web apps, etc., gnucash merely uses it to generate reports based on your own data. As such, it's likely not vulnerable to the same security issues as other web applications based on it.
I know the developers are in the process of migrating away from it, but until that time, I think it should be supported and not dropped for the above reason.
webkitgtk2 would have do be added back to the repos for this to happen, and that won't happen. It was a big deal to remove it in the first place.
https://www.archlinux.org/todo/phasing-out-webkitgtk2/ OK, thanks for the response. It's a shame that gnucash is lumped with other packages with real attacks possible against them, but I understand why it had to be done. Hopefully gnucash can migrate off webkitgtk2 quickly and make it back in to the repos.
-Eric
El Tue, 10 Oct 2017 15:49:27 -0400, Ido Rosen escribió:
Gnucash has 44 votes on AUR. It's useful (and very old, stable) accounting/bookkeeping software. Would any TUs be willing to migrate it from AUR to [community]?
Not until it is ported away from webkitgtk, which is why it was dropped in the first place
participants (6)
-
Antonio Rojas
-
Eric Blau
-
Ido Rosen
-
Morten Linderud
-
Morten Linderud
-
Ryan Petris