Adrian, On Sunday, December 17, 2023 3:11:10 AM MST Adrian Bunk wrote: > I don't know what's going on with the headers, but there is a reason why > the dependency gets generated: > > $ nm -D /usr/bin/angelfish-webapp | grep Qt_5_PRIVATE_API > U > _ZN22QQuickWebEngineProfile16downloadFinishedEP27QQuickWebEngineDownloadIte > m@Qt_5_PRIVATE_API U > _ZN22QQuickWebEngineProfile17downloadRequestedEP27QQuickWebEngineDownloadIt > em@Qt_5_PRIVATE_API $ The public version of this class is found in: qquickwebengineprofile.h Which is part of the qtwebengine5-dev package. Private versions of this class can be found in: qquickwebengineprofile_p.h qquickwebenginedownloaditem_p.h which are part of the qtwebengine5-private-dev package. This does beg the question of how angelfish builds against this private header without build-depending on qtwebengine5-private-dev. Perhaps that is an answer that one of the angelfish maintainers, Pirate or Nilesh, can answer. But as I mentioned in a previous email, it boggles the imagination that a security patch would ever modify the download notification API (or anything in the very high-level, non Chromium or Blink rendering engine headers in the qtwebengine-private-dev package). So, this isn’t likely to impact efforts to maintain security updates in stable. > bookworm-backports are packages from trixie rebuilt for bookworm. > > Whatever you want to do in backports, it has to go into unstable und > migrate to testing first. That is exactly what I am planning to do. I am going to backport qtwebengine- opensource-src 5.15.15+dfsg-2, which is currently in trixie, to bookworm. When 5.15.16 lands in trixie, I will backport that to bookworm. This provides a way for those on stable who would like Qt WebEngine security updates to install them, while also making it easy to revert to the version in stable if the updates cause problems. -- Soren Stoutner soren@stoutner.com
Attachment:
signature.asc
Description: This is a digitally signed message part.