Bug#928778: marked as done ([libqt5core5a] System Qt version no longer supported upstream)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 11 May 2019 10:11:57 -0300
with message-id <CA+QPbz1HCExBG_PCvXYH40adJpb91m7wDnBdsTczhTf=3-67MQ@mail.gmail.com>
and subject line Re: Bug#928778: [libqt5core5a] System Qt version no longer supported upstream
has caused the Debian Bug report #928778,
regarding [libqt5core5a] System Qt version no longer supported upstream
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
928778: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928778
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: [libqt5core5a] System Qt version no longer supported upstream
• From: Stephen Lyons <slysven@virginmedia.com>
• Date: Fri, 10 May 2019 23:17:00 +0100
• Message-id: <[🔎] baa7a4cd-2617-7f1e-0928-3de52aa191ad@virginmedia.com>

Package: libqt5core5a
Version: 5.7.1+dfsg-3+deb9u1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

--- Please enter the report below this line. ---

I was aware that Qt 5.6.3 (LTS) has recently reached end-of-support
(2019/03/16) but I hadn't stopped to think that 5.7.1 is well past the
end-point for non-Long Term Support upstream (2017/06/16) - that being
the case and for Debian "Stretch" being the current *stable* version
until "Buster" gets out the door in the next few months, isn't it a good
idea, at least from a security and safety point of view, for Debian to
upgrade to a version, such as Qt 5.9.7 which has long-term support from
Qt until 2020/05/31...?

--- System information. ---
Architecture: Kernel:       Linux 4.9.0-8-amd64

Debian Release: 9.9
  500 stable          security.debian.org
  500 stable          ftp.uk.debian.org
  500 stable          apt.spideroak.com
  100 stretch-backports deb.debian.org
--- Package information. ---
Depends                       (Version) | Installed
=======================================-+-==============
libc6                         (>= 2.14) | 2.24-11+deb9u4
libdouble-conversion1        (>= 2.0.0) | 2.0.1-4
libgcc1                      (>= 1:3.4) | 1:6.3.0-18+deb9u1
libglib2.0-0                (>= 2.22.0) | 2.50.3-2
libicu57                   (>= 57.1-1~) | 57.1-6+deb9u2
libpcre16-3               (>= 2:8.35-4) | 2:8.39-3
libstdc++6                       (>= 5) | 6.3.0-18+deb9u1
zlib1g                     (>= 1:1.1.4) | 1:1.2.8.dfsg-5


Recommends                (Version) | Installed
===================================-+-===========
qttranslations5-l10n                | 5.7.1~20161021-1


Suggests      (Version) | Installed
=======================-+-===========
libthai0                | 0.1.26-1

-- 
To mitigate against EFAIL attacks email messages will be handled only as
plain text, please do not send emails in an HTML form to this recipient!

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

• To: Stephen Lyons <slysven@virginmedia.com>, 928778-done@bugs.debian.org, Debian bug control <control@bugs.debian.org>
• Subject: Re: Bug#928778: [libqt5core5a] System Qt version no longer supported upstream
• From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
• Date: Sat, 11 May 2019 10:11:57 -0300
• Message-id: <CA+QPbz1HCExBG_PCvXYH40adJpb91m7wDnBdsTczhTf=3-67MQ@mail.gmail.com>
• In-reply-to: <[🔎] baa7a4cd-2617-7f1e-0928-3de52aa191ad@virginmedia.com>
• References: <[🔎] baa7a4cd-2617-7f1e-0928-3de52aa191ad@virginmedia.com>

severity 928778 wishlist
tag 928778 wontfix
thanks

Hi Stephen!

On Fri, 10 May 2019 at 19:27, Stephen Lyons <slysven@virginmedia.com> wrote:
[snip]
> I was aware that Qt 5.6.3 (LTS) has recently reached end-of-support
> (2019/03/16) but I hadn't stopped to think that 5.7.1 is well past the
> end-point for non-Long Term Support upstream (2017/06/16) - that being
> the case and for Debian "Stretch" being the current *stable* version
> until "Buster" gets out the door in the next few months, isn't it a good
> idea, at least from a security and safety point of view, for Debian to
> upgrade to a version, such as Qt 5.9.7 which has long-term support from
> Qt until 2020/05/31...?

Indeed that would be in an ideal world, but I'm afraid it's
impossible. With every new Qt release, even minor point (last version
number) the private API is bound to change. And there are many things
that use that private API, like KWin. That would mean rebuilding
everything, which we can't do in Debian stable.

Our only chance is to backport the relevant patches, which normally is
not that complicated, only sometimes very time consuming.

Kinds regards, Lisandro.

--- End Message ---