On Tue, Mar 09, 2021 at 10:41:51AM +0100, Benjamin TERRIER wrote: > I would not mind if it was just a matter of tag, but the fact that the > change file for 5.15.3 (changes-5.15.3) is not present on the 5.15.3 branch > in the public repo does not help making this branch trustworthy.
That's no accident FWIW, see the discussions here: https://codereview.qt-project.org/c/qt/qtwebengine/+/335435 https://codereview.qt-project.org/c/qt/qtwebengine/+/337355 Here's the changes file before the change adding it was abandoned: https://codereview.qt-project.org/c/qt/qtwebengine/+/335435/6/dist/changes-5.15.3 It's... bizarre. Even more so for a highly security-relevant piece of Qt (and a release which fixes 29 CVEs plus 9+ other security bugs). You'd think that The Qt Company would have an interest in keeping their users secure, paying or not. Perhaps someone should take the time to go through those CVEs and make sure that Qt is marked as a known affected product with no public fix released ;) Excuse the snark - I fully respect that TQtC needs to pay its employees after all, but honestly, this is negligent even from a business perspective. I don't care much about this change for qtbase or anything else (where security bugs aren't that prevalent, and where projects can migrate to Qt 6), but for QtWebEngine with no upgrade path available as of now, this is a horrible idea no matter how you look at it. Florian -- m...@the-compiler.org | https://www.qutebrowser.org https://bruhin.software/ | https://github.com/sponsors/The-Compiler/ GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc I love long mails! | https://email.is-not-s.ms/
signature.asc
Description: PGP signature
_______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest