Migrate to Qt6 before Qt5 end-of-life #1562
Comments
|
A couple of notes:
|
|
Fantastic, this lines up nicely with questions I have for @creviera in #1555. |
|
Do we have any indication that Debian is not fixing Qt security issues, even after upstream EOL? https://security-tracker.debian.org/tracker/source-package/qtbase-opensource-src looks good to me. I don't see qt listed in https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support-ended.deb9 or https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support-ended.deb10 which leads me to believe it should be fine (I can ask the Debian Security Team member I know if we're still concerned). The one caveat is that qt-webkit/qt-webengine are listed in https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support-limited - but I assume(d) we're not using those? |
|
Since the EOL deadline is approaching, I think it would be good to have clarity on Debian's approach to security issues after the upstream EOL date. If nothing forces us to migrate, we could potentially defer it until the Bookworm migration. |
|
Yes, and, I think that https://github.com/freedomofpress/securedrop-engineering/pull/21 (private link, sorry folks) is also a reason to defer this migration until the last responsible moment. |
|
Moritz of the Debian security team confirmed that Qt gets full security support (except for qt-webkit) and "it's also fairly robust, security issues have been fairly obscure in general: https://security-tracker.debian.org/tracker/source-package/qtbase-opensource-src" So I'd suggest we close this and deal with the upgrade as part of bookworm or other work. |
Description
According to Qt, Qt 5.15 will reach EOL on 2023-05-26 for non-subscribers. We should ensure we migrate to a supported version before then.
The text was updated successfully, but these errors were encountered: