From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-83518-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 121FA138206
	for <garchives@archives.gentoo.org>; Tue, 16 Jan 2018 21:56:38 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 07F1DE08DF;
	Tue, 16 Jan 2018 21:56:32 +0000 (UTC)
Received: from smtp102-3.vfemail.net (onethreethree.vfemail.net [199.16.11.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id A4557E08A2
	for <gentoo-dev@lists.gentoo.org>; Tue, 16 Jan 2018 21:56:31 +0000 (UTC)
Received: (qmail 29148 invoked by uid 89); 16 Jan 2018 21:56:27 -0000
Received: by simscan 1.4.0 ppid: 29139, pid: 29145, t: 0.1843s
         scanners:none
Received: from unknown (HELO bXlzZWw=) (aHNAdmZlbWFpbC5uZXQ=@ODcuMjQ0LjIzMy4xNTM=)
  by 172.16.100.62 with ESMTPSA (DHE-RSA-AES256-GCM-SHA384 encrypted, authenticated); 16 Jan 2018 21:56:27 -0000
X-Received: id A19E140055
	for <gentoo-dev@lists.gentoo.org>; Tue, 16 Jan 2018 22:56:27 +0100 (CET)
Date: Tue, 16 Jan 2018 22:56:25 +0100
From: =?UTF-8?B?UsOzYmVydCDEjGVyxYhhbnNrw70=?= <openhs@tightmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] News Item: GnuCash 2.7+ Breaking Change
Message-ID: <20180116225602.280cd36e.openhs@tightmail.com>
In-Reply-To: <ec9cd05e-30a4-d07b-e1a7-17bc156d5b91@gentoo.org>
References: <20180110183135.GD15225@martineau.grandmasfridge.local>
	<CAE+k_gJLyyO01Bh1DJEDkuYZ1+=49+jOy=qj+o0mwy+xrwCZ1Q@mail.gmail.com>
	<1515617164.20929.1.camel@gentoo.org>
	<20180116150745.0000412a@tightmail.com>
	<20180116144559.GA6684@gengoff>
	<ec9cd05e-30a4-d07b-e1a7-17bc156d5b91@gentoo.org>
User-Agent: Claws Mail
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 12577fac-2c5e-4d40-94cb-cdda5bd0704a
X-Archives-Hash: 5d589483b9e378837fd3812823017c4b

On Tue, 16 Jan 2018 15:58:11 +0100
Kristian Fiskerstrand <k_f@gentoo.org> wrote:

> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote:
> > Given the situation, we have a choice: Remove GnuCash altogether, or
> > press ahead with recommending a version upstream considers
> > unstable. =20
>=20
> Or 3, discuss with upstream to see if they can release an updated
> version as stable branch.

4. Mask the vulnerable webkit-gtk.  This way: A. User is informed.
B. Manual action is required to continue using such package.

I see this as the most obvious choice considering that I am still
unable to find any possible attack vector against GnuCash.  If it is me
and only me who enters data.  Webkit reports are generated from those
data.  How can anyone hack me through GnuCash?

In general, many times users use applications in a way that
vulnerabilities does not apply to their use cases.  I would prefer to
be informed and allowed to continue using such application as a part of
the distro.

Robert


--=20
R=C3=B3bert =C4=8Cer=C5=88ansk=C3=BD
E-mail: openhs@tightmail.com
Jabber: hs@jabber.sk