On January 15, 2019 7:17:36 AM UTC, Pino Toscano <p...@debian.org> wrote:
>In data lunedì 14 gennaio 2019 12:22:52 CET, Scott Kitterman ha
>scritto:
>> On Thu, 01 Nov 2018 14:04:12 -0300 Lisandro
>> =?ISO-8859-1?Q?Dami=E1n_Nicanor_P=E9rez?= Meyer
><perezme...@gmail.com> wrote:
>> > On Wed, 17 Oct 2018 15:57:25 +0200 Ivo De Decker <iv...@debian.org>
>wrote:
>> > > Hi,
>> > >
>> > > On Fri, Nov 24, 2017 at 04:59:58PM -0300, Lisandro Damián Nicanor
>Pérez
>> > Meyer wrote:
>> > > > Control: tag -1 patch
>> > > >
>> > > > There is patch available for this at
>> <https://git.archlinux.org/svntogit/
>> > > >
>packages.git/tree/trunk/kdelibs-no-kdewebkit.patch?h=packages/kdelibs>
>> > > >
>> > > > We might want to wait for the last tandem of KF5 apps though.
>> > >
>> > > Is there anything still blocking this?
>> >
>> > Yes, at least one co maintainer believes the kde-runtime patch is
>not
>> > appropriate.
>>
>> That patch no longer seems to be available, so I made my own.
>Patches for
>> kde4libs and kde-runtime attached. I looked at the KDE4 packages
>still in
>> Buster and I don't believe this interferes with anything. This also
>fixes the
>> FTBFS with Samba 4.9 by dropping the KDE4 kio_smb.
>
>The samba compatibility issue is a different story, and it can be fixed
>by just disabling kio_smb (in case it requires non-trivial work to make
>it work again).
>
>> I think we should move forward on these (or some improved version if
>someone
>> has suggestions).
>>
>> Even though there are separate bugs for kde-runtime, since the patch
>for it
>> was already discussed in this bug, I thought we might as well keep
>them
>> together.
>
>Did you check that all the packages using kde4libs still build fine?
>
>The removal of kio_thumbnail from kde-runtime is definitely not
>appropriate, since it will break the thunbnail support for any
>kdelibs 4.x application.
>
>Again: something worth to mention, since apparently it is not clear:
>removing bits from either kde4libs or kde-runtime has consequences,
>either build time or runtime ones. Randomly chopping pieces without
>checking what changes, and potentially what breaks, is generally a
>big no-no from me. I do not see how "remove qtwebkit" is an excuse to
>start messing up with packages, just for the sake of package removal.
I didn't do rebuild tests, but I did search using codesearch to see if any of
the dropped headers or functions are used. I didn't find anything.
I think rebuilding the rdepends is a reasonable next step. I'll try that and
see if anything is affected.
I understand your concern, but I don't think realeasing with a known pile of
security vulnerabilities such as Qt4's WebKit is doing anyone any favors if it
can be avoided.
Scott K
