Bug 1303844

Summary: [rfe] please improve description to state differences to webkitgtk4 package
Product: [Fedora] Fedora Reporter: Christian Stadelmann <fedora>
Component: webkitgtk3Assignee: Matthias Clasen <mclasen>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 23CC: klember, mcatanzaro+wrong-account-do-not-cc, mclasen, tpopela
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-26 07:50:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christian Stadelmann 2016-02-02 08:32:56 UTC 
Description of problem:
Currently there are two different packages, webkitgtk3 and webkitgtk4 with exactly identical package descriptions. This doesn't help users (and developers) who have to decide which one to install. Please improve the description and explain the difference between those two packages.

Version-Release number of selected component (if applicable):
2.10.7-1.fc23

How reproducible:
always, see spec file
Comment 1 Michael Catanzaro 2016-02-02 15:10:21 UTC 
The primary difference is that the webkitgtk3 package is old and insecure and should not be used, see https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

It would make sense to point this out in the webkitgtk3 package description.
Comment 2 Christian Stadelmann 2016-02-02 17:02:05 UTC 
Yes, or probably both. I've read your article before, that lead my attention to report this issue ;)

So shouldn't these package descriptions provide these pieces of information: (?)
* webkitgtk is shipping WebKit 1 with Gtk+ 2, old and insecure and deprecated
* webkitgtk3 is shipping WebKit 1 with Gtk+ 3, old and insecure and deprecated
* webkitgtk4 is shipping WebKit 2 with Gtk+ 3, multi-process architecture, currently the only recommended way to use WebKit with Gtk+
Comment 3 Michael Catanzaro 2016-02-02 18:13:41 UTC 
Makes sense.
Comment 4 Tomas Popela 2016-09-26 07:50:22 UTC 
I went the other way and updated the package description for webkitgtk and webkitgtk3 packages and left the webkitgtk4 untouched.

webkitgtk: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 2."

webkitgtk3: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 3. Use WebKit2 instead."
Comment 5 Christian Stadelmann 2016-09-26 07:51:39 UTC 
Thank you!