On Tuesday, 31 July 2018 05:48:29 PDT Allan Sandfeld Jensen wrote: > On Dienstag, 31. Juli 2018 14:02:23 CEST Christian Gagneraud wrote: > > On 31 July 2018 at 23:45, Allan Sandfeld Jensen <k...@carewolf.com> wrote: > > > The question was: Do you want security fixes or not? The reason it was > > > done is because we have upped our game on security fixes in webengine. > > > > Can't you just backport security fixes, eg like Debian and OpenBSD do? > > Debian does not do that. They update ALL of chromium for every single > update, even on the stable branch, because they don't have the manpower to > backport security patches, and because backporting patches has severe > limitations, especially for a full chromium browser as opposed to our > subset of it. In fact no Linux distro does backports of security patches > for Chromium, they have all given up.
You also have to remember there are lots of fixes that apply to security but aren't marked "security patches" and have no CVE associated with them. This applies to other big chunks of code too, like the Linux kernel. If you want security, I recommend being on the latest latest. Not even the latest LTS. But at least for some projects, there's an effort to keep good LTSes that are secure (Linux, for example). Chromium doesn't. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center _______________________________________________ Interest mailing list Interest@qt-project.org http://lists.qt-project.org/mailman/listinfo/interest
