From: Efraim Flashner
Subject: Re: Staying on top of Qt security
Date: Sat, 20 Feb 2016 22:46:49 +0200
Message-ID: <20160220224649.48c3fd10@debian-netbook>
References: <20160214200143.GA19744@jasmine> <20160218204349.GA4179@solar> <20160218223529.GC9390@jasmine>
In-Reply-To: <20160218223529.GC9390@jasmine>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Leo Famulari
Cc: guix-devel@gnu.org

On Thu, 18 Feb 2016 17:35:29 -0500
Leo Famulari wrote:

> On Thu, Feb 18, 2016 at 09:43:49PM +0100, Andreas Enge wrote:
> [...]
> [...]
> [...]
> > > $ guix refresh -l qt-4
> > > Building the following 18 packages would ensure 24 dependent packages
> > > are rebuilt: soprano-2.9.4 python2-pyqt-4.11.4 polkit-qt-1-0.112.0
> > > frescobaldi-2.18.1 keepassx-2.0.2 hydrogen-0.9.5.1 strigi-0.7.8
> > > attica-0.4.2 pumpa-0.9.2 libdbusmenu-qt-0.9.2 phonon-4.8.3
> > > brdf-explorer-17 gpsbabel-1.5.0 librecad-2.0.6-rc
> > > alsa-modular-synth-2.1.2 qtractor-0.7.3 ardour-4.4 jalv-1.4.6
> >
> > Some of them have no dependent packages, and I think they are mainly or
> > exclusively used for KDE-4, which I started packaging a while ago (and
> > dropped again when I got my Novena, as it turns out that KDE is too
> > resource demanding). In any case, we would package KDE-5 now, and I would
> > suggest to simply remove these packages. There are traces in git, so if
> > it turns out we will need them in the end, we can still revive them.
> > This concerns:
> > attica soprano strigi polkit-qt automoc4 qjson libdbusmenu-qt
> > So while we are at it, I suggest to simply remove kde.scm (there is no use
> > in keeping a lonely oxygen-icons around...).
> >
> > Also, python2-pyqt has no dependent package.
> >
> > I looked at frescobaldi; they claim that a Qt-5 port is on the TODO list
> > for their version 3, but without giving any timings.
> >
> > If there is no outcry, I will remove the above-mentioned packages/modules.
> >
> > Could maybe people using the other packages have a look at them?
>
> I noticed that Efraim has upgraded a few qt-4 dependencies so that they
> can use qt(-5).
>

A bunch of the programs that use qt-4 currently use the cmake-build-system,
and it seems that cmake or something else reads Qt > 4.2 and won't accept
qt-5 as an input. Currently CMake is at 3.3.2; I was going to update it to
3.4.3, but 3.5.0 is almost out. It could be that this is what allows those
programs to be switched.

--
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted