On Wed, Dec 13, 2023 at 02:19:04PM -0700, Soren Stoutner wrote: >... > How feasible would it be to make sure that stable always ships with paired > LTS releases of > KDE and Qt? As you point out above, those release windows might not line up > exactly with > Debian’s release window, but it seems like it would be an improvement on the > current > situation. >...
What's the benefit of using upstream-supported LTS releases? Debian stable would would anyway not follow upstream point releases with rare exceptions like browser engines. > If you don’t think it is feasible to ship LTS versions of KDE and Qt in > stable, how do you > propose handling proper security support for KDE and Qt? >... Backporting CVE fixes for these packages, as has already been done for many years. Except for the browser engines, CVEs have been few and fixes easy to backport. Security support for the 3 years non-LTS support of Debian stable releases is not realistically possible for Qt WebEngine unless this is offered by upstream in an API/ABI compatible way without requiring newer dependencies (WebKitGTK has such upstream support). cu Adrian
