Bug#1057755: Qt WebEngine Security Support In Stable
Hej Soren,
Am Mittwoch, 13. Dezember 2023, 22:19:04 CET schrieb Soren Stoutner:
[...]
> Qt has LTS releases about every 18 months and supports them for 36
> months (three years). This means there are always two active LTS
> releases. Unless there is an unusually long freeze, stable should
> end up with a release that has somewhere between 1and 2 years of
> support. It might not be perfect, but it is a lot better than what
> we currently have.
Don't forget that the open-source Qt LTS releases are delayed by a year.
> The transition to KDE 6 is a bit of a unique situation. I would
> imagine that it would need to mature a bit before most people want to
> be using it (thinking of the old KDE 4 transition, or even the one to
> KDE 5). By the time KDE 6 is ready to propagate to stable, I would
> imagine that there will be a version that is based on an LTS release
> of Qt.
The release schedule for Plasma 6 is not set in stone yet, but the
earliest they can base it on a Qt LTS would be in about a year.
Let's see how that lines up with trixie.
> Looking at KDE’s release information, I see that KDE has an LTS
> release about 1-2 years. I am assuming these KDE LTS releases are
> compatible with Qt LTS releases, although if anyone has any
> information to the contrary please share.
>
> https://community.kde.org/Schedules/Plasma_5[1]
>
> https://endoflife.date/kde-plasma[2]
>
> How feasible would it be to make sure that stable always ships with
> paired LTS releases of KDE and Qt?
KDE doesn't have LTS releases, only Plasma has.
If Plasma 6 continues the path of Plasma 5, they'll have LTS releases
every 2 years, namely early in even years so that it fits with the Ubuntu
LTS release among other things. And that is quite a bad fit for Debian.
[Plasma 5.27 in bookworm is an outlier. It was made LTS because it is
the last Plasma 5 release.]
KDE used to support Plasma LTS releases for about 18-20 months. That
meant that by the time of a Debian release, the LTS release is almost
out of support. And yes, support for an LTS version stops several months
before the next LTS version is released.
> As you point out above, those
> release windows might not line up exactly with Debian’s release
> window, but it seems like it would be an improvement on the current
> situation. Beyond security support issues, there would probably be a
> lot of stability benefits (like KMail not breaking as often).
There is no LTS version of Kmail. Neither the Frameworks nor KDE Gear
have LTS versions. By the time of a Debian release, both are already out
of support.
> If you don’t think it is feasible to ship LTS versions of KDE and Qt
> in stable, how do you propose handling proper security support for
> KDE and Qt?
I can only do with what I have. If you want better support, you need
more resources.
--
Med vänliga hälsningar
Patrick Franz
Reply to: