Bug#1057755: Qt WebEngine Security Support In Stable

To: Soren Stoutner <soren@stoutner.com>
Cc: Mike Gabriel <sunweaver@debian.org>, 1057755@bugs.debian.org, Patrick Franz <deltaone@debian.org>, Debian UBports Team <team+ubports@tracker.debian.org>, Debian Release Team <debian-release@lists.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>, Dmitry Shachnev <mitya57@debian.org>, Debian Security Team <security@debian.org>, Pirate Praveen <praveen@debian.org>, Nilesh Patra <nilesh@debian.org>, Aurélien COUDERC <coucouf@debian.org>, Fritz Reichwald <reichwald@b1-systems.de>, Thomas Goirand <thomas@goirand.fr>
Subject: Bug#1057755: Qt WebEngine Security Support In Stable
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 15 Dec 2023 01:19:17 +0200
Message-id: <[🔎] ZXuNdExxINc2SIqT@localhost>
Reply-to: Adrian Bunk <bunk@debian.org>, 1057755@bugs.debian.org
In-reply-to: <[🔎] 4f1f9ca8-61a4-43f6-b3bc-38752dbe9161@stoutner.com>
References: <[🔎] 170199911428.713712.13945181272059018033.reportbug@soren-desktop.stoutner.com> <[🔎] 4190101.1IzOArtZ34@treadstone-71> <[🔎] 1889894.itTzSnWKVK@soren-desktop> <[🔎] 20231214075802.Horde.bt03VsbWf7zcH_G4skR3c_V@mail.das-netzwerkteam.de> <[🔎] 4f1f9ca8-61a4-43f6-b3bc-38752dbe9161@stoutner.com> <[🔎] 170199911428.713712.13945181272059018033.reportbug@soren-desktop.stoutner.com>

On Thu, Dec 14, 2023 at 12:48:08PM -0700, Soren Stoutner wrote:
>...
> This plan does not address oldstable security support.
>...

Non-LTS oldstable is the 3rd year of stable security support,
this is required for giving users time to schedule the invasive
upgrades to a new Debian stable at a convenient time.

LTS oldstable (after regular security support has ended) is a paid 
endeavour outside the scope of what Debian volunteers are expected
to support.

>...
> 3. When the LTS in stable is no longer supported, security patches can be
> backported from the current LTS to the one in stable.
> 
> This sounds like a doable amount of security work and I would be willing to
> undertake it.
>...

By calling this "doable" you are demonstrating that you do not fully 
grasp why browser engines are considered unsupportable.

In recent years, chromium had on average more than 1 CVE per day:
https://security-tracker.debian.org/tracker/source-package/chromium

> Soren Stoutner

cu
Adrian

Reply to:

Follow-Ups:
- Re: Bug#1057755: Qt WebEngine Security Support In Stable
  - From: Soren Stoutner <soren@stoutner.com>

References:
- Bug#1057755: qt6-webengine: Support security updates in stable
  - From: Soren Stoutner <soren@stoutner.com>
- Bug#1057755: Qt WebEngine Security Support In Stable
  - From: Patrick Franz <deltaone@debian.org>
- Re: Bug#1057755: Qt WebEngine Security Support In Stable
  - From: Soren Stoutner <soren@stoutner.com>
- Re: Bug#1057755: Qt WebEngine Security Support In Stable
  - From: Mike Gabriel <sunweaver@debian.org>
- Re: Bug#1057755: Qt WebEngine Security Support In Stable
  - From: Soren Stoutner <soren@stoutner.com>

Prev by Date: qt6-remoteobjects_6.6.1-1_source.changes ACCEPTED into experimental
Next by Date: Processing of qt6-remoteobjects_6.6.1-2_source.changes
Previous by thread: Re: Bug#1057755: Qt WebEngine Security Support In Stable
Next by thread: Re: Bug#1057755: Qt WebEngine Security Support In Stable
Index(es):
- Date
- Thread