On Tue, 9 Mar 2021 at 18:07, Florian Bruhin <m...@the-compiler.org> wrote:
> On Tue, Mar 09, 2021 at 10:41:51AM +0100, Benjamin TERRIER wrote: > > I would not mind if it was just a matter of tag, but the fact that the > > change file for 5.15.3 (changes-5.15.3) is not present on the 5.15.3 > branch > > in the public repo does not help making this branch trustworthy. > > That's no accident FWIW, see the discussions here: > https://codereview.qt-project.org/c/qt/qtwebengine/+/335435 > https://codereview.qt-project.org/c/qt/qtwebengine/+/337355 > > Here's the changes file before the change adding it was abandoned: > > https://codereview.qt-project.org/c/qt/qtwebengine/+/335435/6/dist/changes-5.15.3 > > It's... bizarre. Even more so for a highly security-relevant piece of Qt > (and a release which fixes 29 CVEs plus 9+ other security bugs). > > > Thanks. And indeed it is even more strange when I read "The changes information will be part of the 5.15.3 source code release (targeted for open source users) when it will be published." So Qt WebEngine 5.15.3 - is open source and its source code is accessible - won't be officially tagged or have a change file, even though the change file has been written and was ready to be merged - is a critical security update - might be published at some point, or not This does not make any sense. Given that Qt WebEngine is open-source and a module where updates are critical for security, its open source 5.15.3 release should have happened at the same time as the commercial release. I am pretty sure that Linux distros which have Qt 5.15 would be interested in upgrading their Qt WebEngine to 5.15.3+ Benjamin
_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
