Which applications does the Plasma team recommend to use with Plasma?
Thomas Pfeiffer
thomas.pfeiffer at kde.org
Thu Jul 7 11:10:44 UTC 2016
On 05.07.2016 13:23, Martin Graesslin wrote:
> The problems as I see it, is that I don't trust Qt to update when there are
> security issues. That's based on how long we had to wait for Qt 5.6.1. I just
> tried to figure out which issues in QtWebEngine were fixed in 5.6.1, but that's
> not possible. The changelog ( https://code.qt.io/cgit/qt/qtwebengine.git/tree/
> dist/changes-5.6.1?h=5.6.1 ) does not list them. It only says it's up to ...
> 2704.63. So are the issues mentioned in https://
> googlechromereleases.blogspot.de/2016/06/stable-channel-update_16.html fixed or
> not? And what about those in https://googlechromereleases.blogspot.de/2016/06/
> stable-channel-update.html ?
>
> That's the problem I see with Qt based browsers - I don't think the Qt team is
> up to the task of doing timely security fixes for their software. Also caused
> by Qt's release model of releasing all together. QtWebEngine would need
> updates whenever chromium updates.
>
> I'm writing that with my security hat on and not with my I would like to see
> Qt applications hat.
>
>
This is a very valid point, but wouldn't it be in our as well as Qt's best interest
to figure out a solution for it together with the Qt community, instead of just
saying
"Anything using QtWebEngine is a security risk and therefore should not be used?"
I suppose we all want our favorite toolkit to be usable to securely browse the web,
don't we? I'd be very surprised if the Qt Company simply did not care about the
security of QtWebEngine, so if we approach them with our concerns, they should
be responsive to them.
More information about the Plasma-devel
mailing list