Description of problem: Currently there are two different packages, webkitgtk3 and webkitgtk4 with exactly identical package descriptions. This doesn't help users (and developers) who have to decide which one to install. Please improve the description and explain the difference between those two packages. Version-Release number of selected component (if applicable): 2.10.7-1.fc23 How reproducible: always, see spec file
The primary difference is that the webkitgtk3 package is old and insecure and should not be used, see https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/ It would make sense to point this out in the webkitgtk3 package description.
Yes, or probably both. I've read your article before, that lead my attention to report this issue ;) So shouldn't these package descriptions provide these pieces of information: (?) * webkitgtk is shipping WebKit 1 with Gtk+ 2, old and insecure and deprecated * webkitgtk3 is shipping WebKit 1 with Gtk+ 3, old and insecure and deprecated * webkitgtk4 is shipping WebKit 2 with Gtk+ 3, multi-process architecture, currently the only recommended way to use WebKit with Gtk+
Makes sense.
I went the other way and updated the package description for webkitgtk and webkitgtk3 packages and left the webkitgtk4 untouched. webkitgtk: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 2." webkitgtk3: "This package contains an insecure and deprecated version of WebKitGTK+ for GTK+ 3. Use WebKit2 instead."
Thank you!