Package: release-notes Severity: normal Control: clone -1 -2 Control: reassign -2 debian-security-support Control: retitle -2 consider specifying limited security support of qt6-webengine like for Qt 5 Control: affects -2 src:qt6-webengine
Hello, In the Trixie release notes at https://www.debian.org/releases/trixie/release-notes/issues.en.html#security-status-of-web-browsers-and-their-rendering-engines one finds > Applications using the webkit2gtk source package (e.g. epiphany) are covered > by security support, but applications using qtwebkit (source package > qtwebkit-opensource-src) are not. However that source package doesn't exist anymore and I don't think Qt WebKit does anymore either. Instead Qt's web technology stuff has splintered into a few source packages that (if I recall correctly) uses the Blink engine instead of WebKit. In /usr/share/debian-security-support/security-support.deb13 one finds as an apparent successor the following: > qtwebengine-opensource-src limited No security support upstream and > backports not feasible, only for use on trusted content That package is implicitly for Qt 5, but Trixie includes Qt 6 also and its equivalent, 'src:qt6-webengine', isn't mentioned anywhere at all. I suppose the release notes don't need to mention that source package (or indeed any of them) by name, but you may want to get Security Team confirmation (such as in my secondary bug report) before finalizing a change in wording. Thanks for your attention.
signature.asc
Description: This is a digitally signed message part
smime.p7s
Description: S/MIME cryptographic signature
