From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 11E43138206 for ; Tue, 16 Jan 2018 14:25:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7EAA3E0909; Tue, 16 Jan 2018 14:25:46 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 25486E0843 for ; Tue, 16 Jan 2018 14:25:46 +0000 (UTC) Received: from [10.100.0.22] (host-37-191-226-104.lynet.no [37.191.226.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id 75073335C0C; Tue, 16 Jan 2018 14:25:44 +0000 (UTC) Subject: Re: [gentoo-dev] News Item: GnuCash 2.7+ Breaking Change To: gentoo-dev@lists.gentoo.org, =?UTF-8?B?UsOzYmVydCDEjGVyxYhhbnNrw70=?= References: <20180110183135.GD15225@martineau.grandmasfridge.local> <1515617164.20929.1.camel@gentoo.org> <20180116150745.0000412a@tightmail.com> From: Kristian Fiskerstrand Message-ID: <1e9fc8e6-1433-c6d1-c7a4-f61ea1045e43@gentoo.org> Date: Tue, 16 Jan 2018 15:24:48 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20180116150745.0000412a@tightmail.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XLM18GZ7nIqsBcLYyHVtOZIROINwp1D4B" X-Archives-Salt: 27b1139b-bf0b-413c-9550-fe136d02c60b X-Archives-Hash: 4f826d7184bc601f79bc463ab9ad6979 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XLM18GZ7nIqsBcLYyHVtOZIROINwp1D4B Content-Type: multipart/mixed; boundary="ED8MqQtyp23T4si6bVpkWH96gSGIKoz2f"; protected-headers="v1" From: Kristian Fiskerstrand Reply-To: k_f@gentoo.org To: gentoo-dev@lists.gentoo.org, =?UTF-8?B?UsOzYmVydCDEjGVyxYhhbnNrw70=?= Message-ID: <1e9fc8e6-1433-c6d1-c7a4-f61ea1045e43@gentoo.org> Subject: Re: [gentoo-dev] News Item: GnuCash 2.7+ Breaking Change References: <20180110183135.GD15225@martineau.grandmasfridge.local> <1515617164.20929.1.camel@gentoo.org> <20180116150745.0000412a@tightmail.com> In-Reply-To: <20180116150745.0000412a@tightmail.com> --ED8MqQtyp23T4si6bVpkWH96gSGIKoz2f Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 01/16/2018 03:07 PM, R=C3=B3bert =C4=8Cer=C5=88ansk=C3=BD wrote: > I think generated reports are typical use of webkit in GnuCash. Are > attack vectors so severe also in this case? Yes, as it would hinder upgrade / keep the vulnerable libraries on the system that can possibly be used by other packages. That said, I agree with the overall premise of discussion, and stability guarantees for the stable keywords, have anyone been in contact with upstream and discussed the issue of getting a stable release branch not based on the old webkit? --=20 Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --ED8MqQtyp23T4si6bVpkWH96gSGIKoz2f-- --XLM18GZ7nIqsBcLYyHVtOZIROINwp1D4B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEtOrRIMf4mkrqRycHJQt6/tY3nYUFAlpeCzAACgkQJQt6/tY3 nYX2sAf8DffaVwSr3/hZ/Nyh3rmZaU+KxQFXKjlmDY76HJMFzeD6XihN5yOl5gTy PNHSX2cm5PCR2n8zj0SeF2VQmHTbX+EAClgLAbfpUfm66iewXQ+QAot5/NClmrQ1 fl6f85+jzsxQf6eUcEgCHOOgeesQ0F2Ki2on61h8qYppqMlROS26EIda0m2iTOQk Kfpa/IapqYKaKbDox6aBXCwcYUz5Qt/KHXjGNwWzN/k0K72If1YaH6BumSFSy9lJ 6uwooGz17OvZrZBfkrxmRzn4zyia5i1Y2G8axPueV1zwR7n01EAyguw+3iQcZMaC 3MeoTUVQssG7NIvfunYNqhDEruhNDw== =wskM -----END PGP SIGNATURE----- --XLM18GZ7nIqsBcLYyHVtOZIROINwp1D4B--