Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-13 Thread Alberto Garcia
On Sun, Jun 13, 2021 at 10:52:18AM +0900, Olaf Meeuwissen wrote: > > Using xdg-desktop-portal-gtk is actually a consequence of the > > webkit processes now running inside a sandbox for security > > reasons, so there is a trade-off between not using the sandbox at > > all or using the sandbox but

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-12 Thread Olaf Meeuwissen
Hi Alberto, Alberto Garcia writes: > On Mon, Jun 07, 2021 at 08:52:32PM +0900, Olaf Meeuwissen wrote: >> >> Package changes: >> >> + fuse 2.9.9-1+deb10u1 amd64 >> >> + libpipewire-0.2-1 0.2.5-1 amd64 >> >> + xdg-desktop-portal 1.2.0-1 amd64 >> >> + xdg-desktop-portal-gtk

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-07 Thread Alberto Garcia
On Mon, Jun 07, 2021 at 08:52:32PM +0900, Olaf Meeuwissen wrote: > >> Package changes: > >> + fuse 2.9.9-1+deb10u1 amd64 > >> + libpipewire-0.2-1 0.2.5-1 amd64 > >> + xdg-desktop-portal 1.2.0-1 amd64 > >> + xdg-desktop-portal-gtk 1.2.0-1 amd64 > > > > Yes, these are the actual

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-07 Thread Olaf Meeuwissen
Hi Alberto, Alberto Garcia writes: > On Sat, Jun 05, 2021 at 11:45:45AM +0900, Olaf Meeuwissen wrote: > >> In the mean time, I'll just `apt purge` the added packages. In my >> case these were the >> >> Package changes: >> + fuse 2.9.9-1+deb10u1 amd64 >> + libpipewire-0.2-1 0.2.5-1

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-05 Thread Alberto Garcia
On Sat, Jun 05, 2021 at 11:45:45AM +0900, Olaf Meeuwissen wrote: > In the mean time, I'll just `apt purge` the added packages. In my > case these were the > > Package changes: > + fuse 2.9.9-1+deb10u1 amd64 > + libpipewire-0.2-1 0.2.5-1 amd64 > + xdg-desktop-portal 1.2.0-1 amd64

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-04 Thread Olaf Meeuwissen
Hi, I also noted this, belatedly, due to running different machines with stable and testing. On a machine running testing, I wouldn't have minded much, but on a machine running stable security upgrades should not pull in extra packages (unless (Pre-)Depends:). Seeing that a Recommends: is by

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-06-01 Thread Alberto Garcia
On Mon, May 31, 2021 at 08:32:53PM +0200, Holger Levsen wrote: > < h01ger> DSA 4923 causes xdg-desktop-portal(-gtk) to be installed > here, much to my surprise and unhappyness I think we can spare the discussion about whether this is a problem and how much of a problem it actually is, because I

Bug#989307: DSA-4923-1: upgrading libwebkit2gtk-4.0-37 on buster pulls in xdg-desktop-portal

2021-05-31 Thread Holger Levsen
Package: libwebkit2gtk-4.0-37 Version: 2.32.1-1~deb10u1 Severity: normal Dear Maintainer, from #debian-security today, Salvatore asked me to file this as a bug. < h01ger> DSA 4923 causes xdg-desktop-portal(-gtk) to be installed here, much to my surprise and unhappyness < h01ger> its a