[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1057755: Qt WebEngine Security Support In Stable

Hej Soren,

Am Mittwoch, 13. Dezember 2023, 22:19:04 CET schrieb Soren Stoutner:
[...]
> Qt has LTS releases about every 18 months and supports them for 36
> months (three years). This means there are always two active LTS
> releases.  Unless there is an unusually long freeze, stable should
> end up with a release that has somewhere between 1and 2 years of
> support.  It might not be perfect, but it is a lot better than what
> we currently have.

Don't forget that the open-source Qt LTS releases are delayed by a year.


> The transition to KDE 6 is a bit of a unique situation.  I would
> imagine that it would need to mature a bit before most people want to
> be using it (thinking of the old KDE 4 transition, or even the one to
> KDE 5).  By the time KDE 6 is ready to propagate to stable, I would
> imagine that there will be a version that is based on an LTS release
> of Qt.

The release schedule for Plasma 6 is not set in stone yet, but the 
earliest they can base it on a Qt LTS would be in about a year.
Let's see how that lines up with trixie.


> Looking at KDE’s release information, I see that KDE has an LTS
> release about 1-2 years.  I am assuming these KDE LTS releases are
> compatible with Qt LTS releases, although if anyone has any
> information to the contrary please share.
> 
> https://community.kde.org/Schedules/Plasma_5[1]
> 
> https://endoflife.date/kde-plasma[2]
> 
> How feasible would it be to make sure that stable always ships with
> paired LTS releases of KDE and Qt?

KDE doesn't have LTS releases, only Plasma has.

If Plasma 6 continues the path of Plasma 5, they'll have LTS releases 
every 2 years, namely early in even years so that it fits with the Ubuntu 
LTS release among other things. And that is quite a bad fit for Debian. 
[Plasma 5.27 in bookworm is an outlier. It was made LTS because it is 
the last Plasma 5 release.]

KDE used to support Plasma LTS releases for about 18-20 months. That 
meant that by the time of a Debian release, the LTS release is almost 
out of support. And yes, support for an LTS version stops several months 
before the next LTS version is released.


> As you point out above, those
> release windows might not line up exactly with Debian’s release
> window, but it seems like it would be an improvement on the current
> situation.  Beyond security support issues, there would probably be a
> lot of stability benefits (like KMail not breaking as often).

There is no LTS version of Kmail. Neither the Frameworks nor KDE Gear 
have LTS versions. By the time of a Debian release, both are already out 
of support.


> If you don’t think it is feasible to ship LTS versions of KDE and Qt
> in stable, how do you propose handling proper security support for
> KDE and Qt?

I can only do with what I have. If you want better support, you need 
more resources.


-- 
Med vänliga hälsningar

Patrick Franz
Reply to: