Re: [arch-dev-public] Phasing out webkitgtk{,2}

2017-01-18 Thread Antonio Rojas
El Thu, 19 Jan 2017 01:14:27 +0100, Balló György via arch-dev-public escribió: > > We should consider the same thing for qtwebkit, which is unmaintained too, > but it affects much more packages. Not really. The reverse dependency list is big because it contains KDE4, but there are already patch

Re: [arch-dev-public] Phasing out gstreamer0.10

2017-01-18 Thread Jan Alexander Steffens via arch-dev-public
On Thu, Jan 19, 2017 at 2:18 AM Balló György via arch-dev-public < arch-dev-public@archlinux.org> wrote: > I think we could try to get rid from gstreamer0.10, so I propose to make a > TODO for these packages, similar to webkitgtk: >- If it can be updated to GStreamer 1, do so. >- Otherwise

[arch-dev-public] Phasing out gstreamer0.10

2017-01-18 Thread Balló György via arch-dev-public
Beside to WebkitGTK+, GStreamer 0.10 is unmaintained too. [1] The last release was in 2012. Most of the applications are already ported to GStreamer 1. The last major user is wxGTK, but an upstream patch is available for GStreamer 1 support. [2] Currently the following packages depending on GStrea

Re: [arch-dev-public] Phasing out webkitgtk{,2}

2017-01-18 Thread Balló György via arch-dev-public
2017-01-18 23:42 GMT+01:00 Jan Alexander Steffens via arch-dev-public < arch-dev-public@archlinux.org>: > To protect our users we should try to limit the packages using > webkitgtk(2)., with the goal of eventually getting rid of it completely. I > propose making a TODO that covers all these packag

Re: [arch-dev-public] Phasing out webkitgtk{,2}

2017-01-18 Thread Gaetan Bisson
[2017-01-18 22:42:38 +] Jan Alexander Steffens via arch-dev-public: > WebkitGTK+ 2.4 has been unmaintained for quite a while, and lots of CVEs > have accumulated. The last release fixing CVEs, 2.4.10, only fixed about > half the vulnerabilities known, and that release was only made because > 2.

Re: [arch-dev-public] Phasing out webkitgtk{,2}

2017-01-18 Thread keenerd via arch-dev-public
As the maintainer of one of those browsers, I'll also be prodding upstream about the issue if it can't easily be updated. The last time this came up (Dec 2015), Xombrero's author said > We briefly looked at the 2.x stuff but that would basically be a rewrite and > even more unfortunate is that n

[arch-dev-public] Phasing out webkitgtk{,2}

2017-01-18 Thread Jan Alexander Steffens via arch-dev-public
Hello list, WebkitGTK+ 2.4 has been unmaintained for quite a while, and lots of CVEs have accumulated. The last release fixing CVEs, 2.4.10, only fixed about half the vulnerabilities known, and that release was only made because 2.4.9 was broken with GTK+ 3.20, and Evolution quickly needed a worki