On Mon, Oct 31, 2016 at 12:27:13PM +0100, Sandro Knauß wrote:
> Hey,
>
> I don't know if you heard about QtWebEngine - it is a Web browser engine for
> Qt applications. And is using a patched chromium (49.0.2623.111)( inside src/
> 3rdparty/chromium) as webengine. Qt itself depecated QWebKit and pushing
> everyone to use QWebEngine instead.
> Unfortunately we didn't found a way to share parts with the chromium package :
> ( But this means, that security vulnerable that hit chromium may also affect
> QtWebEngine and the other way round.
>
> For post Stretch we hopefully can find a solution to get rid of this copy...
Hi,
I don't think we're realistically be able to cover that with security support
(and QT upstream won't be able either): chromium is a highly volatile target
and the only way we're able to support it is by following their upstream
releases,
which makes aggressive changes over time.
So QWebEngine in stretch will be as unsupported as as in QWebkit was in jessie:
https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#browser-security
Cheers,
Moritz
