Michael Catanzaro describes
the sad state of WebKit security on Linux distributions and the
challenges of security support for such a complex package in general.
"We regularly receive bug reports from users with very old versions
of WebKit, who trust their distributors to handle security for them and
might not even realize they are running ancient, unsafe versions of
WebKit. I strongly recommend using a distribution that releases WebKitGTK+
updates shortly after they’re released upstream. That is currently only
Arch and Fedora. (You can also safely use WebKitGTK+ in Debian testing —
except during its long freeze periods — and Debian unstable, and maybe also
in openSUSE Tumbleweed. Just be aware that the stable releases of these
distributions are currently not receiving our security updates.)"
Lots of information here, worth a read for anybody interested in the topic.