On 05.07.2016 13:23, Martin Graesslin wrote:
The problems as I see it, is that I don't trust Qt to update when there are
security issues. That's based on how long we had to wait for Qt 5.6.1. I just
tried to figure out which issues in QtWebEngine were fixed in 5.6.1, but that's
not possible. The changelog ( https://code.qt.io/cgit/qt/qtwebengine.git/tree/
dist/changes-5.6.1?h=5.6.1 ) does not list them. It only says it's up to ...
2704.63. So are the issues mentioned in https://
googlechromereleases.blogspot.de/2016/06/stable-channel-update_16.html fixed or
not? And what about those in https://googlechromereleases.blogspot.de/2016/06/
stable-channel-update.html ?
That's the problem I see with Qt based browsers - I don't think the Qt team is
up to the task of doing timely security fixes for their software. Also caused
by Qt's release model of releasing all together. QtWebEngine would need
updates whenever chromium updates.
I'm writing that with my security hat on and not with my I would like to see
Qt applications hat.
This is a very valid point, but wouldn't it be in our as well as Qt's best
interest
to figure out a solution for it together with the Qt community, instead of just
saying
"Anything using QtWebEngine is a security risk and therefore should not be
used?"
I suppose we all want our favorite toolkit to be usable to securely browse the
web,
don't we? I'd be very surprised if the Qt Company simply did not care about the
security of QtWebEngine, so if we approach them with our concerns, they should
be responsive to them.
_______________________________________________
Plasma-devel mailing list
Plasma-devel@kde.org
https://mail.kde.org/mailman/listinfo/plasma-devel
