[arch-general] gnucash [aur]->[community]?
Eric Blau
eblau at eblau.com
Tue Oct 10 21:01:33 UTC 2017
On Tue, Oct 10, 2017 at 4:45 PM, Morten Linderud <foxboron at archlinux.org> wrote:
> On Tue, Oct 10, 2017 at 04:34:35PM -0400, Eric Blau wrote:
>>
>> While it is true that webkitgtk2 has security vulnerabilities and
>> should not be used for web browsing, web apps, etc., gnucash merely
>> uses it to generate reports based on your own data. As such, it's
>> likely not vulnerable to the same security issues as other web
>> applications based on it.
>>
>> I know the developers are in the process of migrating away from it,
>> but until that time, I think it should be supported and not dropped
>> for the above reason.
>>
>
> webkitgtk2 would have do be added back to the repos for this to happen, and that
> won't happen. It was a big deal to remove it in the first place.
>
> https://www.archlinux.org/todo/phasing-out-webkitgtk2/
OK, thanks for the response. It's a shame that gnucash is lumped with
other packages with real attacks possible against them, but I
understand why it had to be done. Hopefully gnucash can migrate off
webkitgtk2 quickly and make it back in to the repos.
-Eric
More information about the arch-general
mailing list