Rebuild Todo List Phasing out qtwebkit
QtWebKit for Qt 4 has been unmaintained for quite a while, and lots of CVEs have accumulated.
For more information about the WebKit situation, take a look at
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
To protect our users we should try to limit the packages using qtwebkit, with the goal of eventually getting rid of it completely.
This TODO contains a list of packages which depend (directly or indirectly) on qtwebkit, except:
- if the package depends on kdelibs and it doesn't use the libkdewebkit.so library,
- if the package depends on python{,2}-pyqt4 and it doesn't use the QtWebKit module.
What should be done:
- If the package can be updated to Qt 5, do so.
- Otherwise, if QtWebKit is an optional dependency, build without it.
- Otherwise, consider removing the package, especially if it's a browser.
Updated packages can go straight to extra/community.
If nothing can be done right now, mark the package as completed anyway. We'll be evaluating the situation again after this TODO is through.
Filter Todo List Packages
Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
---|---|---|---|---|---|---|---|
x86_64 | Extra | amarok | Complete | arojas | |||
x86_64 | Extra | k3b | 1:24.12.0-1 | felixonmars, arojas | Complete | arojas | |
x86_64 | Extra | kdelibs | Complete | arojas | |||
x86_64 | Extra | python-pyqt4 | Complete | arojas | |||
x86_64 | Extra | python2-pyqt4 | Complete | arojas | |||
x86_64 | Extra | qtscriptgenerator | Complete | arojas |