I have been hanging around this list for some time, but this is my first post.
I work for Red Hat Security Response team, and have recently taken over WebKit security
from Vincent. I am also a member of upstream WebKit Security Group.
For some time we have been trying to get WebKit-Gtk issues fixed upstream, [And as you know they have impact on other variants as well]. Releases 1.2.4 and 1.2.5 of WebKit-Gtk were mainly to address security fixes.
However for some time, we have had no response from upstream folks. I think they are pretty busy with other stuff, which is quite understandable. The downside of that being the fact that we have a lot of open security issues not fixed in Webkit-Gtk and other variants as well.
I was wondering if Fedora WebKit SIG could help in this matter, perhaps engage with upstream, back port security fixes or even ask for git commit access so that we could commit these fixes directly, So that the WebKit SIG and the Fedora community would take leadership in getting these issues fixed.
What do you think about this?
Huzaifa Sidhpurwala / Red Hat Security Response.