On Sunday, December 24, 2023 3:50:26 AM MST Adrian Bunk wrote: > > If it ends up not being feasible to backport the entire Qt WebEngine from > > the next LTS release, then we could look at cherry-picking all of the > > security commits. This would be, by far, the most time-intensive solution. > > But, as your point out, the security fixes on the Chromium side are well > > marked. And, generally, they are small commits that only modify a few lines. > > > > For example: > >... > > Your "generally" is not true, it misses the biggest problem. > > Out of 20 CVEs there might be 19 easy ones, plus one that is a quite > invasive patch requiring a lot of backporting work. > > Who has both the required skills and a reliable commitment today for > doing in the year 2027 an urgent backport of a complex fix for a > zero-day vulnerability that is already being exploited in the wild?
I intend to be involved in this work for a lot longer than 2027, although there will probably come a point 30 or 40 years down the road when I will need to hand it off to a future generation. As for the necessary skills, that is something I expect to pick up through a combination of hard work and being willing to ask questions. -- Soren Stoutner so...@stoutner.com
signature.asc
Description: This is a digitally signed message part.
