[Secure-testing-team] [Pkg-chromium-maint] Chromium 6 in squeeze
Michael Gilbert
michael.s.gilbert at gmail.com
Thu Sep 2 23:49:21 UTC 2010
On Wed, Sep 1, 2010 at 4:24 AM, Giuseppe Iuculano wrote:
> Hi Release Team,
>
>
> In the next few days upstream will release chromium 6 in the stable
> channel. This means that v5 will not receive any further (security)
> update, and v6 will receive security and stability updates.
>
> I could start to backport patches, but unfortunately there are some
> important webkit security issues (SVG related) that are hard to backport
> due to at least one or two major refactoring[1] of the SVG code.
> This means that any future SVG security issue (and unfortunately they
> are frequent) will be hard to fix.
Is this a supportable approach? Once google discontinues version 6
after perhaps 2 months from now (5 was only stable for two months or
less), you're going to have to do the hard work of backports. I think
we should be working on making a libwebkit-chrome binary package from
the webkit source so we only need to backport to one webkit codebase.
Mike
More information about the Secure-testing-team
mailing list