[Interest] Qt WebEngine 5.15.3 tag
Benjamin TERRIER
b.terrier at gmail.com
Tue Mar 9 18:37:35 CET 2021
On Tue, 9 Mar 2021 at 18:07, Florian Bruhin <me at the-compiler.org> wrote:
> On Tue, Mar 09, 2021 at 10:41:51AM +0100, Benjamin TERRIER wrote:
> > I would not mind if it was just a matter of tag, but the fact that the
> > change file for 5.15.3 (changes-5.15.3) is not present on the 5.15.3
> branch
> > in the public repo does not help making this branch trustworthy.
>
> That's no accident FWIW, see the discussions here:
> https://codereview.qt-project.org/c/qt/qtwebengine/+/335435
> https://codereview.qt-project.org/c/qt/qtwebengine/+/337355
>
> Here's the changes file before the change adding it was abandoned:
>
> https://codereview.qt-project.org/c/qt/qtwebengine/+/335435/6/dist/changes-5.15.3
>
> It's... bizarre. Even more so for a highly security-relevant piece of Qt
> (and a release which fixes 29 CVEs plus 9+ other security bugs).
>
>
>
Thanks.
And indeed it is even more strange when I read "The changes information
will be part of the 5.15.3 source code release (targeted for open source
users) when it will be published."
So Qt WebEngine 5.15.3
- is open source and its source code is accessible
- won't be officially tagged or have a change file, even though the
change file has been written and was ready to be merged
- is a critical security update
- might be published at some point, or not
This does not make any sense.
Given that Qt WebEngine is open-source and a module where updates are
critical for security, its open source 5.15.3 release should have happened
at the same time as the commercial release.
I am pretty sure that Linux distros which have Qt 5.15 would be interested
in upgrading their Qt WebEngine to 5.15.3+
Benjamin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20210309/72bb8b7a/attachment.html>
More information about the Interest
mailing list