On Friday, August 06, 2010 05:15:12 pm you wrote:
On Fri, 2010-08-06 at 16:45
+0200, Jaroslav Reznik wrote:
> Hi all (and if not all, feel free to add
them to CC).
> I'd like to establish
> WebKit SIG (or some sort of group
of people interested in WebKit in
> Fedora - no need for any official one)
as it's quite
an overhead to
> maintain such a big beast here. We have
> KHTML... All very similar but based on
> and it's mess currently (with
I'm not sure about KHTML. Yes, WebKit is
originally a fork of KHTML, but
AFAIK the current code bases differ too
It's more complicated - some parts are completely different, some
backported from WebKit, some code is the same line-by-line, some rewritten.
But with every WebKit's CVE we are trying to reproduce it in KHTML and if we
can't reproduce it, we try to do a code review together with security response
> What's the reason?
> - all WebKit-like implementations
very similar with only a little differences (toolkit...)
Not sure how
"little" the differences are, but yeah, there's a big
common ground for all
the ports and it would be ideal if we
separate it out.
are really toolkit-specific but from my observations - most of bugs applied on
> - there are quite
> a lot of CVEs - it's time consuming to
go over all CVEs (thanks for great
> job goes to Vincent Danen and other
brave men from
> team) and most of patches could be
It would much help if we knew which CVEs were already fixed by
and in which SVN snapshot and what SVN snapshot the ports are
on. It gets a bit tougher with stable branches which usually have
backport fixes and such...
CVEs are usually fixed upstream but still you have
to go through all bugs and check it in all WebKits implementations (snapshot
revisions could help of course). WebKits shipped by Fedora usually differs -
different snapshots (but not big changes).
> - a lot of bugs affects all
> again patches sharing
Same as above.
sometimes the primary maintainer of one of WebKits is
> out of time - that
means other team member could help
> - and probably many
> other reason
like we are on the same WebKit ship (and if it's going to
> If you're interested in - please reply,
> I'd like to start Wiki
page and we can talked about more details
Yeah a wiki page would
be helpful. Plus as I already outlined in another
mail, this effort would be
futile without full support from
I don't think there are *any*
releases of WebKit core
components at all
so the ports differ a lot on which
SVN snapshot they build
upon, and to
establish this common ground,
cooperation from upstream is
There's quite a big mess on WebKit's
security list, Vincent suggested few changes, let's see. Another question is
how to make releases in sync - to have same snapshots in Fedora.
starters we should probably identify what our current position is --
what are the webkit ports used in fedora, which SVN
are the core components of webkit, the differences in
systems, ... And
outlining the idea of splitting/merging.
Any merging is really upstream
(upstreams) problem but yes - we need to clean up WebKits situations - what we
really have, who is consumer of which one etc.
Anyway, I would be
interested in helping, although I doubt I
much, given my low to
none knowledge of webkit internals and
time, but as a full time user
of webkitgtk based apps, I'm
interested in having them work in
Great (and yes, latest WebKits crashes - icedtea plugin is
cross WebKits one)!
Software Engineer - Base Operating Systems Brno
+420 532 294 275
Mobile: +420 602 797 774
Red Hat, Inc.