1 |
On Tue, 16 Jan 2018 15:58:11 +0100 |
2 |
Kristian Fiskerstrand <k_f@g.o> wrote: |
3 |
|
4 |
> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: |
5 |
> > Given the situation, we have a choice: Remove GnuCash altogether, or |
6 |
> > press ahead with recommending a version upstream considers |
7 |
> > unstable. |
8 |
> |
9 |
> Or 3, discuss with upstream to see if they can release an updated |
10 |
> version as stable branch. |
11 |
|
12 |
4. Mask the vulnerable webkit-gtk. This way: A. User is informed. |
13 |
B. Manual action is required to continue using such package. |
14 |
|
15 |
I see this as the most obvious choice considering that I am still |
16 |
unable to find any possible attack vector against GnuCash. If it is me |
17 |
and only me who enters data. Webkit reports are generated from those |
18 |
data. How can anyone hack me through GnuCash? |
19 |
|
20 |
In general, many times users use applications in a way that |
21 |
vulnerabilities does not apply to their use cases. I would prefer to |
22 |
be informed and allowed to continue using such application as a part of |
23 |
the distro. |
24 |
|
25 |
Robert |
26 |
|
27 |
|
28 |
-- |
29 |
Róbert Čerňanský |
30 |
E-mail: openhs@×××××××××.com |
31 |
Jabber: hs@××××××.sk |