| 1 |
On Tue, 16 Jan 2018 15:58:11 +0100 |
| 2 |
Kristian Fiskerstrand <k_f@g.o> wrote: |
| 3 |
|
| 4 |
> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: |
| 5 |
> > Given the situation, we have a choice: Remove GnuCash altogether, or |
| 6 |
> > press ahead with recommending a version upstream considers |
| 7 |
> > unstable. |
| 8 |
> |
| 9 |
> Or 3, discuss with upstream to see if they can release an updated |
| 10 |
> version as stable branch. |
| 11 |
|
| 12 |
4. Mask the vulnerable webkit-gtk. This way: A. User is informed. |
| 13 |
B. Manual action is required to continue using such package. |
| 14 |
|
| 15 |
I see this as the most obvious choice considering that I am still |
| 16 |
unable to find any possible attack vector against GnuCash. If it is me |
| 17 |
and only me who enters data. Webkit reports are generated from those |
| 18 |
data. How can anyone hack me through GnuCash? |
| 19 |
|
| 20 |
In general, many times users use applications in a way that |
| 21 |
vulnerabilities does not apply to their use cases. I would prefer to |
| 22 |
be informed and allowed to continue using such application as a part of |
| 23 |
the distro. |
| 24 |
|
| 25 |
Robert |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
Róbert Čerňanský |
| 30 |
E-mail: openhs@×××××××××.com |
| 31 |
Jabber: hs@××××××.sk |
Archives