On Thu, 2016-01-07 at 08:40 -0500, Eric Griffith wrote: > Unless the Ephiphany/Web guys can show they will take security > concerns > very seriously and have the number of team members necessary TO take > Security seriously... My two cents would be: don't default to Web. > Browser > security is not something we can just call "good enough" given how > much > trust we put into the browsers we use. > > Note: I'm not saying Web doesn't take security concerns seriously > right > now. What i am saying we need to make sure and double check that they > do. Hi Eric, I am responsible for Epiphany security. If you're aware of any outstanding security issues, please let me know. We had some difficulty releasing security advisories last year due to internal changes within Apple. We now have a new contact with Apple and were able to release [1]; we hope to be able to release smaller advisories more frequently in the future now that has been solved. Apple has a team of developers that fixes these security issues. In the rare cases where security issues are discovered that do not impact Apple, Igalia takes responsibility for fixing them. We had one such issue last year, CVE-2015-2330. (I work for Igalia.) The above are all WebKit vulnerabilities. If security issues are discovered in Epiphany itself, Igalia will take responsibility for fixing them, but this is quite rare. Michael [1] http://webkitgtk.org/security/WSA-2015-0002.html -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
