[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Staying on top of Qt security
From: |
Ricardo Wurmus |
Subject: |
Re: Staying on top of Qt security |
Date: |
Wed, 09 Mar 2016 09:46:19 +0100 |
User-agent: |
mu4e 0.9.13; emacs 24.5.1 |
Andreas Enge <address@hidden> writes:
> On Sat, Mar 05, 2016 at 10:16:05PM +0100, Ricardo Wurmus wrote:
>> We could ask drobilla for a new suil release. I don’t think we should
>> package the development version as it’s not clear if dependent
>> applications would work with the latest suil.
>
> Sounds good. Would you like to do it, since you are clearly the expert?
I just checked some packaging information for Suil. Maybe we should
just split it into different packages:
The purpose of Suil is to abstract plugin UI toolkits away from host
code. To achieve this, Suil performs its magic by dynamically
loading modules for each toolkit. The main Suil library does NOT
depend on any toolkit libraries, and thus neither should your
package. Please package the individual modules
(e.g. libsuil_gtk2_in_qt4.so) as separate packages, which themselves
depend on the involved toolkits. These packages should also be
versioned as described above to support parallel installation.
Please do not make the main Suil package depend on any toolkit
package, this defeats the purpose of Suil and will severely irritate
those who for whatever reason do not want a particular toolkit
dependency. The main Suil package may have a weak dependency
(e.g. "recommends") on the individual wrapper modules, and it's fine
if these are installed by default, but it must be possible to
install Suil without installing them if the user explicitly wishes
to do so.
[http://svn.drobilla.net/lad/trunk/suil/PACKAGING]
How about we do just that? Maybe we’ll find that the qt4 backend is not
needed by any other package at all.
~~ Ricardo