> On Dec. 13, 2016, 9:11 p.m., Albert Astals Cid wrote: > > I honestly can't see how this would count as "bugfix". > > Heiko Becker wrote: > I see it as a security fix, considering that even Qt5Webkit is probably > affected by a three digit number of security issues in its old Webkit and > that Qt4Webkit is even based on an older version of Webkit. Especially with > the above mentioned htmlthumbnailer the attack surface is possible rather > huge and in addition not even that obvious to the unsuspecting user. > > Anyway I have applied this downstream and kicked out htmlthumbnailer from > kde-runtime.
One last ping before close - we've been applying this downstream since 4.14.22 without issues (in fact people have had it enabled or disabled via use flag depending on their setups and provided valuable testing), and not a single bug was raised. Obviously with this flag it is the job of the packagers to determine if they have any qtwebkit reverse-dependencies left, but by default nothing changes. - Andreas ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/129233/#review101423 ----------------------------------------------------------- On Dec. 11, 2016, 3:07 p.m., Andreas Sturmlechner wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/129233/ > ----------------------------------------------------------- > > (Updated Dec. 11, 2016, 3:07 p.m.) > > > Review request for kdelibs. > > > Repository: kdelibs > > > Description > ------- > > Provide a switch for distributions to disable build of kdewebkit and > kdewebkit-widgets, to support efforts on getting rid of Qt4 WebKit. > > The implications of this for KDE Applications packages are, at this > point (16.12.0), negligible: > > kde-runtime/drkonqi > kde-runtime/kioslave (htmlthumbnail, removable with little effort, probably > no reverse dep left) > kde-runtime/plasma (no reverse deps left) > pykde4 (with rdep: kajongg) > > > Diffs > ----- > > CMakeLists.txt f1266655c512474626b68565a2830dae5828bf57 > kdewidgets/CMakeLists.txt 51536017ac0a3a86e164e30b80840a89aa3a8248 > plasma/CMakeLists.txt b9214388d72122ae9c5709b6956a8b8e13ccd3aa > > > Diff: https://git.reviewboard.kde.org/r/129233/diff/1/ > > > Testing > ------- > > > Thanks, > > Andreas Sturmlechner > >
