Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-16 Thread Soren Stoutner 
You are correct about past support.  There probably hasn’t been anyone in 
Debian as focused on Qt WebEngine before me.  That was part of the reason I 
decided to get involved in Debian.

On Wednesday, March 15, 2023 11:05:14 PM MST Paul Wise wrote: 
> I don't see Debian security updates nor stable updates of Qt WebEngine
> for current/previous Debian releases so far, but I am very glad to hear
> that they are being worked on for the Debian bookworm release at least.
> 
> https://lists.debian.org/debian-security-announce/
> https://lists.debian.org/debian-announce/

-- 
Soren Stoutner
so...@stoutner.com

signature.asc
Description: This is a digitally signed message part.

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-16 Thread Paul Wise 
On Tue, 2023-03-14 at 18:41 -0700, Soren Stoutner wrote:

> I am one of the Debian Qt WebEngine maintainers, and I also submit
> code to the upstream Qt project.
> 
> The Salsa link you included appears to be a bit misinformed about
> security support for Qt WebEngine in Debian. 

I was just relaying the opinion of the Debian Security Team. I suggest
you contact them about the status of Qt WebEngine security support
and updating the comments in the debian-security-support package.

I don't see Debian security updates nor stable updates of Qt WebEngine
for current/previous Debian releases so far, but I am very glad to hear
that they are being worked on for the Debian bookworm release at least.

https://lists.debian.org/debian-security-announce/
https://lists.debian.org/debian-announce/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-15 Thread Soren Stoutner 
I’m not sure I understand what point you are trying to make.

On Wednesday, March 15, 2023 12:35:07 PM MST Mezgani Ali wrote:
> Look Storen,
> 
> Qt WebEgine used 15 years ago for developing a Safari from scratch.
> Debian/GNU Linux is more GTK side than Qt.
> 
> 
> Kind regards,
> 
> Mezgani Ali
> +212 6 44 17 94 51
> ali.mezg...@nativelabs.ma
> https://wiki.debian.org/mezgani
> 
> ⢀⣴⠾⠻⢶⣦⠀ Active member of IETF, GNU, Debian, FreeBSD and Kernel.
> ⣾⠁⢠⠒⠀⣿⡁
> ⢿⡄⠘⠷⠚⠋⠀
> ⠈⠳⣄⠀
> 
> > On 15/03/2023, at 19:52, Soren Stoutner  wrote:
> > 
> > Paul,
> > 
> > The point is that these security updates are added upstream, they are
> > regularly packaged in Debian, and it wouldn’t be any harder to support
> > them in Debian stable than security updates for any other browser.  Your
> > original email indicated that none of these three things were true.
> > 
> > Beyond that, you might find the following an interesting read (fairly
> > long, but the point is that, as per the Chromium maintainer, Qt WebEngine
> > has better coverage in Debian stable than Chromium does):
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020387#255
> >  Privacy
> > Browser is not going to ship in Bookworm, but it will ship in Bookworm+1.
> >  Part of the reason why I have become one of the Qt maintainers is so
> > that it receives proper security support in stable (and oldstable as much
> > as possible, although there probably isn’t any web browser that currently
> > has good security coverage in oldstable).
> > 
> > Soren
> > 
> > On Wednesday, March 15, 2023 11:34:58 AM MST Dmitry Shachnev wrote:
> > > Hi all!
> > > 
> > > On Tue, Mar 14, 2023 at 06:41:55PM -0700, Soren Stoutner wrote:
> > > > Paul,
> > > > 
> > > > I /am/ one of the Debian Qt WebEngine maintainers, and I also submit
> > > > code
> > > > to the upstream Qt project.
> > > > 
> > > > The Salsa link you included appears to be a bit misinformed about
> > > > security
> > > > support for Qt WebEngine in Debian.  For more accurate information, I
> > > > would
> > > > point you to this link:
> > > > 
> > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794
> > > 
> > > Please note that this request is for a not-yet-released Debian version.
> > > 
> > > I am not sure the Release team will agree to have such updates in
> > > stable.
> > > Although, I would be happy to discuss this with them.
> > > 
> > > --
> > > Dmitry Shachnev
> > 
> > --
> > Soren Stoutner
> > so...@stoutner.com


-- 
Soren Stoutner
so...@stoutner.com

signature.asc
Description: This is a digitally signed message part.

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-15 Thread Mezgani Ali 
Look Storen,

Qt WebEgine used 15 years ago for developing a Safari from scratch. Debian/GNU 
Linux is more GTK side than Qt.


Kind regards,

Mezgani Ali
+212 6 44 17 94 51
ali.mezg...@nativelabs.ma
https://wiki.debian.org/mezgani

⢀⣴⠾⠻⢶⣦⠀ Active member of IETF, GNU, Debian, FreeBSD and Kernel.
⣾⠁⢠⠒⠀⣿⡁ 
⢿⡄⠘⠷⠚⠋⠀ 
⠈⠳⣄⠀





> On 15/03/2023, at 19:52, Soren Stoutner  wrote:
> 
> Paul,
> 
> The point is that these security updates are added upstream, they are 
> regularly packaged in Debian, and it wouldn’t be any harder to support them 
> in Debian stable than security updates for any other browser.  Your original 
> email indicated that none of these three things were true.
> 
> Beyond that, you might find the following an interesting read (fairly long, 
> but the point is that, as per the Chromium maintainer, Qt WebEngine has 
> better coverage in Debian stable than Chromium does):
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020387#255 
> 
> Privacy Browser is not going to ship in Bookworm, but it will ship in 
> Bookworm+1.  Part of the reason why I have become one of the Qt maintainers 
> is so that it receives proper security support in stable (and oldstable as 
> much as possible, although there probably isn’t any web browser that 
> currently has good security coverage in oldstable).
> 
> Soren
> 
> On Wednesday, March 15, 2023 11:34:58 AM MST Dmitry Shachnev wrote:
> > Hi all!
> >
> > On Tue, Mar 14, 2023 at 06:41:55PM -0700, Soren Stoutner wrote:
> > > Paul,
> > >
> > > I /am/ one of the Debian Qt WebEngine maintainers, and I also submit code
> > > to the upstream Qt project.
> > >
> > > The Salsa link you included appears to be a bit misinformed about security
> > > support for Qt WebEngine in Debian.  For more accurate information, I
> > > would
> > > point you to this link:
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794
> >
> > Please note that this request is for a not-yet-released Debian version.
> >
> > I am not sure the Release team will agree to have such updates in stable.
> > Although, I would be happy to discuss this with them.
> >
> > --
> > Dmitry Shachnev
> 
> 
> --
> Soren Stoutner
> so...@stoutner.com

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-15 Thread Soren Stoutner 
Paul,

The point is that these security updates /are/ added upstream, they /are 
/regularly 
packaged in Debian, and it wouldn’t be any harder to support them in Debian 
stable than 
security updates for any other browser.  Your original email indicated that 
none of these 
three things were true.

Beyond that, you might find the following an interesting read (fairly long, but 
the point is 
that, as per the Chromium maintainer, Qt WebEngine has better coverage in 
Debian stable 
than Chromium does):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020387#255[1]

Privacy Browser is not going to ship in Bookworm, but it will ship in 
Bookworm+1.  Part of 
the reason why I have become one of the Qt maintainers is so that it receives 
proper 
security support in stable (and oldstable as much as possible, although there 
probably isn’t 
any web browser that currently has good security coverage in oldstable).

Soren

On Wednesday, March 15, 2023 11:34:58 AM MST Dmitry Shachnev wrote:
> Hi all!
> 
> On Tue, Mar 14, 2023 at 06:41:55PM -0700, Soren Stoutner wrote:
> > Paul,
> > 
> > I /am/ one of the Debian Qt WebEngine maintainers, and I also submit code
> > to the upstream Qt project.
> > 
> > The Salsa link you included appears to be a bit misinformed about security
> > support for Qt WebEngine in Debian.  For more accurate information, I
> > would
> > point you to this link:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794
> 
> Please note that this request is for a not-yet-released Debian version.
> 
> I am not sure the Release team will agree to have such updates in stable.
> Although, I would be happy to discuss this with them.
> 
> --
> Dmitry Shachnev


-- 
Soren Stoutner
so...@stoutner.com


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020387#255


signature.asc
Description: This is a digitally signed message part.

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-15 Thread Dmitry Shachnev 
Hi all!

On Tue, Mar 14, 2023 at 06:41:55PM -0700, Soren Stoutner wrote:
> Paul,
>
> I /am/ one of the Debian Qt WebEngine maintainers, and I also submit code
> to the upstream Qt project.
>
> The Salsa link you included appears to be a bit misinformed about security
> support for Qt WebEngine in Debian.  For more accurate information, I would
> point you to this link:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794

Please note that this request is for a not-yet-released Debian version.

I am not sure the Release team will agree to have such updates in stable.
Although, I would be happy to discuss this with them.

--
Dmitry Shachnev


signature.asc
Description: PGP signature

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-14 Thread Soren Stoutner 
Paul,

I /am/ one of the Debian Qt WebEngine maintainers, and I also submit code to 
the 
upstream Qt project.

The Salsa link you included appears to be a bit misinformed about security 
support for Qt 
WebEngine in Debian.  For more accurate information, I would point you to this 
link:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794[1]

Bug fixes for Qt WebEngine are backported every couple of months by upstream Qt:

https://www.qt.io/blog/commercial-lts-qt-5.15.13-released[2]

There are a number of other browsers based on Qt WebEngine currently in Debian. 
 A non-
exhaustive list includes the following:

Konqueror
Falkon
qutebrowser
Angelfish

If you are interested in more information about the subject, I have a section 
of Privacy 
Browser’s handbook dedicated to the subject which is included in the 
index.docbook in the 
.deb.

Soren

On Tuesday, March 14, 2023 6:19:44 PM MST you wrote:
> On Sat, 2023-03-11 at 14:41 -0700, Soren Stoutner wrote:
> >  * URL  : https://www.stoutner.com/privacy-browser-pc/
> >   privacybrowser - web browser that respects your privacy
> 
> I note that this browser depends on Qt WebEngine, all the Qt based web
> engines are not security supported in Debian. I encourage you to switch
> to a browser engine that is security supported, or discuss with the
> Debian and upstream Qt web engine maintainers to add such support.
> 
> https://salsa.debian.org/debian/debian-security-support/-/blob/master/securi
> ty-support-limited 
>  * qtwebengine-opensource-src: No security support upstream and
>backports not feasible, only for use on trusted content
>  * qtwebkit: No security support upstream and backports not feasible,
>only for use on trusted content
>  * qtwebkit-opensource-src: No security support upstream and backports
>not feasible, only for use on trusted content
>  * kde4libs: khtml has no security support upstream, only for use on
>trusted content
>  * khtml: khtml has no security support upstream, only for use on
>trusted content, see #1004293


-- 
Soren Stoutner
so...@stoutner.com


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032794
[2] https://www.qt.io/blog/commercial-lts-qt-5.15.13-released

signature.asc
Description: This is a digitally signed message part.

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-14 Thread Paul Wise 
On Sat, 2023-03-11 at 14:41 -0700, Soren Stoutner wrote:

>  * URL  : https://www.stoutner.com/privacy-browser-pc/
>   privacybrowser - web browser that respects your privacy

I note that this browser depends on Qt WebEngine, all the Qt based web
engines are not security supported in Debian. I encourage you to switch
to a browser engine that is security supported, or discuss with the
Debian and upstream Qt web engine maintainers to add such support.

https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support-limited
   
 * qtwebengine-opensource-src: No security support upstream and
   backports not feasible, only for use on trusted content
 * qtwebkit: No security support upstream and backports not feasible,
   only for use on trusted content
 * qtwebkit-opensource-src: No security support upstream and backports
   not feasible, only for use on trusted content
 * kde4libs: khtml has no security support upstream, only for use on
   trusted content
 * khtml: khtml has no security support upstream, only for use on
   trusted content, see #1004293

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Bug#1032806: RFS: privacybrowser/0.1-1 [ITP] -- web browser that respects your privacy

2023-03-11 Thread Soren Stoutner 
Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "privacybrowser":

 * Package name : privacybrowser
   Version  : 0.1-1
   Upstream contact : Soren Stoutner 
 * URL  : https://www.stoutner.com/privacy-browser-pc/
 * License  : GPL-3+, GFDL-NIV-1.3+
 * Vcs  : https://salsa.debian.org/sorenstoutner/privacybrowser
   Section  : web

The source builds the following binary packages:

  privacybrowser - web browser that respects your privacy

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/privacybrowser/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/p/privacybrowser/
privacybrowser_0.1-1.dsc

Changes for the initial release:

 privacybrowser (0.1-1) experimental; urgency=low
 .
   * Initial release (closes: #1031755).

Regards,

-- 
Soren Stoutner
so...@stoutner.com


signature.asc
Description: This is a digitally signed message part.