Rebuild Todo List Phasing out qtwebkit

2017-01-20 - Balló György

QtWebKit for Qt 4 has been unmaintained for quite a while, and lots of CVEs have accumulated.

For more information about the WebKit situation, take a look at
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

To protect our users we should try to limit the packages using qtwebkit, with the goal of eventually getting rid of it completely.

This TODO contains a list of packages which depend (directly or indirectly) on qtwebkit, except:
- if the package depends on kdelibs and it doesn't use the libkdewebkit.so library,
- if the package depends on python{,2}-pyqt4 and it doesn't use the QtWebKit module.

What should be done:
- If the package can be updated to Qt 5, do so.
- Otherwise, if QtWebKit is an optional dependency, build without it.
- Otherwise, consider removing the package, especially if it's a browser.

Updated packages can go straight to extra/community.

If nothing can be done right now, mark the package as completed anyway. We'll be evaluating the situation again after this TODO is through.

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
6 packages displayed out of 6 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By
x86_64 Extra amarok Complete arojas
x86_64 Extra k3b 1:24.02.0-1 felixonmars, arojas Complete arojas
x86_64 Extra kdelibs Complete arojas
x86_64 Extra python-pyqt4 Complete arojas
x86_64 Extra python2-pyqt4 Complete arojas
x86_64 Extra qtscriptgenerator Complete arojas