[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Staying on top of Qt security
From: |
Leo Famulari |
Subject: |
Re: Staying on top of Qt security |
Date: |
Mon, 22 Feb 2016 15:19:50 -0500 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Feb 22, 2016 at 08:53:39PM +0100, Andreas Enge wrote:
> Sorry, Chris, that I bothered you with the state of pumpa; I was so convinced
> that you were the packager that I did not even check! I suppose that I have
> read too many of your blog posts to planet gnu; whenever I hear "federation"
> or "pumpsomething" now, I think of you.
>
> On Sun, Feb 21, 2016 at 09:42:43AM -0800, Christopher Allan Webber wrote:
> > Leo Famulari writes:
> > > Apparently QJson's master branch has supported Qt-5 for some time, so I
> > > asked the maintainers if that is true, and if they plan to issue a new
> > > release [0]. We could try packaging from git.
> > > https://github.com/flavio/qjson/issues/49
>
> Thanks for the initiative!
>
> > Sounds good. If they don't make a new release, I think packaging from
> > git is the best option.
>
> I am not a big fan of packaging from non-release versions. Maybe you could
> convince upstream that this is enough of an exciting change to make a release,
> Leo? In the end, it is probably more interesting and important to get rid
> of Qt-4 than to not package from git. But there are still other packages
> requiring Qt-4. Maybe we should wait a bit until their number is more
> reduced,
> and then take a joint decision for the remaining ones.
I agree that packaging non-release versions is not ideal. We may trade
one security issue for another, since non-release commits are usually
not scrutinized as much by upstream.
My plan is to wait a little bit to see if QJson takes action.
Another option is to persuade the Pumpa upstream to stop using QJson.
- Re: Staying on top of Qt security, (continued)
- Re: Staying on top of Qt security, Andreas Enge, 2016/02/18
- Re: Staying on top of Qt security, Leo Famulari, 2016/02/18
- Re: Staying on top of Qt security, Christopher Allan Webber, 2016/02/18
- Re: Staying on top of Qt security, Andreas Enge, 2016/02/18
- Re: Staying on top of Qt security, Christopher Allan Webber, 2016/02/20
- Re: Staying on top of Qt security, Leo Famulari, 2016/02/21
- Re: Staying on top of Qt security, Christopher Allan Webber, 2016/02/21
- Re: Staying on top of Qt security, Leo Famulari, 2016/02/21
- Re: Staying on top of Qt security, Andreas Enge, 2016/02/22
- Re: Staying on top of Qt security,
Leo Famulari <=
- Re: Staying on top of Qt security, Andreas Enge, 2016/02/22
Re: Staying on top of Qt security, Andreas Enge, 2016/02/22
Re: Staying on top of Qt security, Andreas Enge, 2016/02/25
Re: Staying on top of Qt security, Ricardo Wurmus, 2016/02/25