[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

qtwebengine support/security status

From: Jack Hill
Subject: qtwebengine support/security status
Date: Mon, 20 Jan 2020 21:35:45 -0500 (EST)
User-agent: Alpine 2.20 (DEB 67 2015-01-07)

Hi Guix,

Thanks to Mike and everyone for working on qtwebengine and qutebrowser. I'm happy and thankful that Guix's features and the community's commitment allow packaging these in a principled way.

Before I use these packages to browse untrusted websites, I wanted to double check that it is safe to do so. According to [0] we are using Qt 5.12.6 which is the latest LTS. I agree with the assessment there that that's pretty good. However the messaging from Qt, "We do update to the latest Chromium version in use before a Qt release. After a release some bug fixes and security patches are backported. For LTS releases of Qt we might also update Chromium in a patch level release," [1] makes me less sure that qtwebengine will continue to be secure over the lifetime of a Qt release. qtwebengine at 69.0.3497.128 already seems to be behind our ungoogled-chromium package at 78.0.3904.108.


I'm also curious how Qt releases will be handled in Guix. Can they go directly to master, or will they need to go through a staging or core-updates cycles.

So summarize, do we think it's prudent to expose our qtwebengine to random web pages? Thanks for your thoughts and all the hard work!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]