<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="12" style="border: 1px #c9c399 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://git.reviewboard.kde.org/r/129233/">https://git.reviewboard.kde.org/r/129233/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On December 13th, 2016, 9:11 p.m. UTC, <strong>Albert Astals Cid</strong> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">I honestly can't see how this would count as "bugfix".</p></pre>
</blockquote>
<p>On December 15th, 2016, 8:49 p.m. UTC, <strong>Heiko Becker</strong> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I see it as a security fix, considering that even Qt5Webkit is probably affected by a three digit number of security issues in its old Webkit and that Qt4Webkit is even based on an older version of Webkit. Especially with the above mentioned htmlthumbnailer the attack surface is possible rather huge and in addition not even that obvious to the unsuspecting user.
Anyway I have applied this downstream and kicked out htmlthumbnailer from kde-runtime.</pre>
</blockquote>
<p>On October 19th, 2017, 9:13 p.m. UTC, <strong>Andreas Sturmlechner</strong> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">One last ping before close - we've been applying this downstream since 4.14.22 without issues (in fact people have had it enabled or disabled via use flag depending on their setups and provided valuable testing), and not a single bug was raised. Obviously with this flag it is the job of the packagers to determine if they have any qtwebkit reverse-dependencies left, but by default nothing changes.</p></pre>
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">The "bugfix only" policy is intended to give some improved guarantees that upgrades won't break existing software. But since we've had packagers already testing this patch for a year now, I think the patch has received more than enough testing to make us able to worry less about breaking user systems.
On top of the potential reduction in attack surface made possible by this restructuring, I think it is in our users' best interest to apply the patch.
+1 from me.</pre>
<br />
<p>- Michael</p>
<br />
<p>On December 11th, 2016, 3:07 p.m. UTC, Andreas Sturmlechner wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="12" style="border: 1px #888a85 solid; border-radius: 6px; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tr>
<td>
<div>Review request for kdelibs.</div>
<div>By Andreas Sturmlechner.</div>
<p style="color: grey;"><em>Updated Dec. 11, 2016, 3:07 p.m.</em></p>
<div style="margin-top: 1.5em;">
<strong style="color: #575012; font-size: 10pt;">Repository: </strong>
kdelibs
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;"><p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">Provide a switch for distributions to disable build of kdewebkit and
kdewebkit-widgets, to support efforts on getting rid of Qt4 WebKit.</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">The implications of this for KDE Applications packages are, at this
point (16.12.0), negligible:</p>
<p style="padding: 0;text-rendering: inherit;margin: 0;line-height: inherit;white-space: inherit;">kde-runtime/drkonqi
kde-runtime/kioslave (htmlthumbnail, removable with little effort, probably no reverse dep left)
kde-runtime/plasma (no reverse deps left)
pykde4 (with rdep: kajongg)</p></pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>CMakeLists.txt <span style="color: grey">(f1266655c512474626b68565a2830dae5828bf57)</span></li>
<li>kdewidgets/CMakeLists.txt <span style="color: grey">(51536017ac0a3a86e164e30b80840a89aa3a8248)</span></li>
<li>plasma/CMakeLists.txt <span style="color: grey">(b9214388d72122ae9c5709b6956a8b8e13ccd3aa)</span></li>
</ul>
<p><a href="https://git.reviewboard.kde.org/r/129233/diff/1/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>