Alberto On Thursday, December 14, 2023 6:23:57 PM MST Alberto Garcia wrote: > I would like to offer my (outsider) perspective as the Debian > WebKitGTK / WPE WebKit maintainer. Thanks for that perspective. It is very informative. > - The project created a policy to support Debian and Ubuntu LTS by not > bumping the dependencies: What WebKitGTK has accomplished is impressive. Specifically, that you are able to release updated packages, including feature updates, cleanly into stable and oldstable. As you point out, doing so with Qt WebEngine would require significant changes to the way upstream works. Luckily, my intentions are much less ambitions. I would julst like to handle security support for stable without adding full new feature releases. > If you still want to give it a go maybe try updating the Qt WebEngine > via backports first, although if that requires that the Qt / KDE > maintainers stick to a specific LTE branch then you need to coordinate > that with them first. I think this is the best way forward. Bookworm released with an LTS version of Qt 5 and a non-LTS version of Qt 6. It seems it should be fairly easy to start maintaining proper security support for Qt 5 WebEngine through backports. If we can get trixie to release with an LTS version of Qt 6, we can then maintain security updates for both versions of Qt. Based on how well that works, we can then evaluate using the standard security infrastructure to handle these instead of backports. Something similar has already been done once through a stable point release. Bookworm released with qtwebengine-opensource-src 5.15.8+dfsg-1, but 5.15.13+dfsg-1~deb12u1 was later uploaded. Perhaps Dmitry could provide some insight into the motivation behind the update and any difficulties that were encountered. At this point, the biggest remaining question is what is the private header that angelfish is using in Qt WebEngine and why? Can one of the angelfish maintainers or someone else familiar with the reasoning provide an explanation? Thanks, Soren -- Soren Stoutner soren@stoutner.com
Attachment:
signature.asc
Description: This is a digitally signed message part.