QtWebKit in Qt5.6+ in Debian
Florian Bruhin
me at the-compiler.org
Thu Jun 25 18:44:21 UTC 2015
* Kevin Krammer <kevin.krammer at gmx.at> [2015-06-25 20:07:58 +0200]:
> On Thursday, 2015-06-25, 18:45:52, Florian Bruhin wrote:
> > * Kevin Krammer <kevin.krammer at gmx.at> [2015-06-25 18:35:41 +0200]:
> > > On Thursday, 2015-06-25, 15:56:22, Florian Bruhin wrote:
>
> > > > I still have some hope - I think Qt will still apply at least security
> > > > fixes for QtWebKit until Qt 6, which still should be a while away.
> > >
> > > I would also be surprised if they would knowingly ship insecure code.
> >
> > I wouldn't call it *knowingly* - but chances are slim that someone
> > will take care of security issues until there's a bug report - and
> > even then, I guess it depends on the resources Qt is willing to
> > allocate to QtWebKit (which seems to be dropping at a fast rate the
> > past few months).
>
> Hmm, I would think that there are people monitoring webkit related security
> lists
I almost never see upstream WebKit fixes being applied to QtWebKit
without someone opening a bug report for it.
I recently talked with Hanno Böck[1] about my project ([2] for the
curious) and he's told me the same.
If I notice something I'll backport it (like I did with [3] for
example), but my time to work on QtWebKit is extremely limited, as my
own project keeps me busy.
[1] https://hboeck.de/en/
[2] http://www.qutebrowser.org/
[3] https://codereview.qt-project.org/#/c/108936/
> the new engine is webkit based as well.
Not really. It's based on Chromium, which is based on Blink, which in
turn once was WebKit - but I wouldn't call that WebKit-based.
But the important part is that the QtWebEngine-Chromium is very close
to the upstream Chromium, unlike with QtWebKit which was a diverging
WebKit fork. I think Google has enough resources to keep Chromium
secure, and Qt has enough resources to keep QtWebEngine up to date
with that - but they don't have the resources to maintain their own
fork of WebKit.
(Lack of manpower was one of the reasons to start QtWebEngine and
abandon QtWebKit as far as I know)
> The open nature of Qt makes resource allocation basically driven by demand.
> E.g. all the code contributed by KDE developers was created because KDE
> applications needed it.
Well, it means something will be taken care of if someone chooses to do
so. There's certainly a big demand to keep QtWebKit alive, but so far
I've not seen anybody step up to maintain it.
Florian
--
http://www.the-compiler.org | me at the-compiler.org (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | http://the-compiler.org/pubkey.asc
I love long mails! | http://email.is-not-s.ms/