From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C0E83139694 for ; Mon, 5 Jun 2017 17:43:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 80F01E0E4B; Mon, 5 Jun 2017 17:42:57 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 39DE8E0E3C for ; Mon, 5 Jun 2017 17:42:57 +0000 (UTC) Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id 429953418EA for ; Mon, 5 Jun 2017 17:42:56 +0000 (UTC) Subject: Re: [gentoo-dev] Last rites: www-client/phantomjs and dev-ruby/poltergeist To: gentoo-dev@lists.gentoo.org References: <1496646687.9038.9.camel@gentoo.org> <20170605230605.099dfdc3@katipo2.lan> From: Michael Orlitzky Message-ID: Date: Mon, 5 Jun 2017 13:42:50 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20170605230605.099dfdc3@katipo2.lan> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: a1d6a8f5-9a37-4a99-b9e6-aae4de673f80 X-Archives-Hash: ed9a91cc7346fade032af932f175721b On 06/05/2017 07:06 AM, Kent Fredric wrote: > On Mon, 05 Jun 2017 09:11:27 +0200 > Hans de Graaff wrote: > >> # Hans de Graaff (05 Jun 2017) >> # Bundles obsolete and vulnerable webkit version. >> # Upstream has stopped development and recommends using >> # headless mode in >=www-client/chromium-59. >> # Masked for removal in 30 days. Bug #589994. >> www-client/phantomjs > > Can phantomjs be simply masked for a longer period until the development > world has had an opportunity to catch up? > The real reason for the mask is that it bundles an ancient version of qtwebkit with a ton of known security vulnerabilities. Hans was attempting to fix it, but now that upstream is dead, it will remain insecure forever.