[Development] Changes to Qt offering

Kevin Kofler kevin.kofler at chello.at
Tue Jan 28 00:16:35 CET 2020

Thiago Macieira wrote:
> All security fixes are made available to everyone, for all Qt versions
> that they affect, provided it's still a supported Qt version
> (or it was easy to make the fix).

How will this work for QtWebEngine? There are a few dozen security fixes at 
each QtWebEngine point release, how will you make those available? And is a 
version in commercial-only LTS mode even "still a supported Qt version"? 
(Because QtWebEngine with its dozens of security fixes definitely does not 
qualify for the "or it was easy to make the fix" clause.)

For intermediate LTS releases such as 5.12, there is the option to just 
upgrade to 5.n+1 (e.g., 5.13) instead (where currently those releases will 
even compile against the LTS Qt, and sometimes even against older Qt 
branches, with no changes), but this is not an option for 5.15 (unless 
QtWebEngine 6.0 will be buildable as 5.16 somehow – it would likely not only 
need to build against Qt 5.15, but also need to lie about its major version 
number). So we really need a plan to provide security fixes for QtWebEngine 
5.15 for a reasonable amount of time (until at least the major network-
facing consumers such as Falkon, KMail, etc. are all ported to Qt 6).

        Kevin Kofler

More information about the Development mailing list