[Bug 1981592] [NEW] Please remove wpewebkit and block syncs from Debian

[Launchpad Bug Tracker]

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Steve Beattie (sbeattie):

The wpewebkit package contains a whole webkit browser engine. It is
currently not used by anything of substance in Ubuntu:

$ reverse-depends src:wpewebkit
Reverse-Depends
* cog                           (for libwpewebkit-1.1-0)
* gstreamer1.0-wpe              (for libwpewebkit-1.1-0)


cog is a single-window browser for embedded devices that is not used by anything else in the archive.
gstreamer1.0-wpe is a plugin based on wpewebkit that is not used by anything else in the archive.

Using this browser engine on the Internet is very risky as it it not
currently maintained and contains hundreds of security flaws, and
maintaining it requires a tremendous amount of work.

As such, I don't believe this package is suitable for the Ubuntu
archive.

I recommend we disable the build in gstreamer and remove both cog and
wpewebkit, and put on block on syncs from Debian.

** Affects: wpewebkit (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Please remove wpewebkit and block syncs from Debian
https://bugs.launchpad.net/bugs/1981592
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.