Bug 1303844 - [rfe] please improve description to state differences to webkitgtk4 package
[rfe] please improve description to state differences to webkitgtk4 package
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: webkitgtk3 (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthias Clasen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-02 03:32 EST by Christian Stadelmann
Modified: 2016-09-26 03:51 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-26 03:50:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christian Stadelmann 2016-02-02 03:32:56 EST
Description of problem:
Currently there are two different packages, webkitgtk3 and webkitgtk4 with exactly identical package descriptions. This doesn't help users (and developers) who have to decide which one to install. Please improve the description and explain the difference between those two packages.

Version-Release number of selected component (if applicable):
2.10.7-1.fc23

How reproducible:
always, see spec file
Comment 1 Michael Catanzaro 2016-02-02 10:10:21 EST
The primary difference is that the webkitgtk3 package is old and insecure and should not be used, see https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

It would make sense to point this out in the webkitgtk3 package description.
Comment 2 Christian Stadelmann 2016-02-02 12:02:05 EST
Yes, or probably both. I've read your article before, that lead my attention to report this issue ;)

So shouldn't these package descriptions provide these pieces of information: (?)
* webkitgtk is shipping WebKit 1 with Gtk+ 2, old and insecure and deprecated
* webkitgtk3 is shipping WebKit 1 with Gtk+ 3, old and insecure and deprecated
* webkitgtk4 is shipping WebKit 2 with Gtk+ 3, multi-process architecture, currently the only recommended way to use WebKit with Gtk+
Comment 3 Michael Catanzaro 2016-02-02 13:13:41 EST
Makes sense.
Comment 4 Tomas Popela 2016-09-26 03:50:22 EDT
I went the other way and updated the package description for webkitgtk and webkitgtk3 packages and left the webkitgtk4 untouched.

webkitgtk: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 2."

webkitgtk3: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 3. Use WebKit2 instead."
Comment 5 Christian Stadelmann 2016-09-26 03:51:39 EDT
Thank you!

Note You need to log in before you can comment on or make changes to this bug.