[Development] Changes to Qt offering
Allan Sandfeld Jensen
kde at carewolf.com
Tue Jan 28 09:15:53 CET 2020
On Dienstag, 28. Januar 2020 03:27:04 CET Thiago Macieira wrote:
> On segunda-feira, 27 de janeiro de 2020 15:16:35 PST Kevin Kofler wrote:
> > Thiago Macieira wrote:
> > > All security fixes are made available to everyone, for all Qt versions
> > > that they affect, provided it's still a supported Qt version
> > > (or it was easy to make the fix).
> >
> > How will this work for QtWebEngine? There are a few dozen security fixes
> > at
> > each QtWebEngine point release, how will you make those available? And is
> > a
> > version in commercial-only LTS mode even "still a supported Qt version"?
> > (Because QtWebEngine with its dozens of security fixes definitely does not
> > qualify for the "or it was easy to make the fix" clause.)
>
> With QtWebEngine, you really ought to upgrade to the next minor series,
> except for 5.15. The team retains compatibility with a couple of older
> versions (I don't know the exact policy) and this seems to me like the most
> indicated solution.
>
Back the last LTS. So QtWebEngine 5.14 can be built against Qt 5.12. On top of
that we also backport security patches back to the last QWE LTS, QtWebEngine
5.12, but that is still considered less secure that using the latest version.
And we are likely to drop the QWE LTS in Qt 6 with a decoupled release of QWE,
and instead just keep the "builds and runs with last Qt LTS" guarantee. Note
currently a build against 5.12 is binary incompatible with a build against
5.14 due to private API usage, so this is a problem that needs to be solved in
Qt6, to have a "runs with" guarantee, and avoid a blow up of binary versions
needed.
Note by the way that Qt WebEngine Core, due to Chromium containing old KHTML
based code, needs to be LGPLv2+ compatible. So it can not follow the exact
same commercial-only license as the rest of Qt for LTS releases.
Best regards
'Allan
More information about the Development
mailing list