From mboxrd@z Thu Jan 1 00:00:00 1970 From: Danny Milosavljevic Subject: Re: texmaker, Qt and Chromium Date: Sat, 8 Oct 2016 10:55:45 +0200 Message-ID: <20161008105545.6154ed73@scratchpost.org> References: <877f9kufxx.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42500) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bsnQF-00027H-9r for guix-devel@gnu.org; Sat, 08 Oct 2016 04:56:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bsnQA-0006VL-4w for guix-devel@gnu.org; Sat, 08 Oct 2016 04:55:58 -0400 Received: from dd1012.kasserver.com ([85.13.128.8]:53942) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bsnQ9-0006V0-Up for guix-devel@gnu.org; Sat, 08 Oct 2016 04:55:54 -0400 In-Reply-To: <877f9kufxx.fsf@elephly.net> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: guix-devel Hi, On Fri, 07 Oct 2016 21:17:30 +0200 Ricardo Wurmus wrote: > our build of the =E2=80=9Ctexmaker=E2=80=9D package is broken ever since = we disabled the > webkit module of our Qt package. I=E2=80=99m currently looking into pack= aging > up the needed Qt modules, but the obvious question remains: do we want > this? =E2=80=9Cqtwebengine=E2=80=9D not only bundles chromium, chromium = itself also > bundles a whole bunch of other stuff. >=20 > Personally, I think it=E2=80=99s acceptable to package =E2=80=9Cqtwebengi= ne=E2=80=9D because > ultimately it=E2=80=99s up to the Qt and Chromium developers to keep their > software secure One of the reasons I'm using distributions rather than just ./configure ; m= ake ; make install is that distributors stay on top of security problems an= d disable and/or patch packages as problems arise. I think many others also= mainly use distributions because of that. Having security problems in dependencies-I-did-not-specify-to-be-installed = is much worse than having them in a package I directly asked to be installe= d. I'm still not clear on why texmaker needs an integrated web browser (with J= avascript, support for video formats, access to the internet, background ta= sks, local store access, authentication support, dynamic font downloading, = all my cookies, password storage etcetc). It's a frontend for TeX, right? D= oes TeX support HTML output and preview? I've checked the texmaker source - seems they are using the web browser to = display PDF (WTF...) and the help (documentation) and a plain text file (di= ff file). They have commented out the call to QDesktopServices::openUrl() - which wou= ld be how I'd expect one to open a web page. I tried to find their source c= ode repository in order to determine why, but failed. (I think one should either write a webapp in which case run it in a web bro= wser. Or write a desktop application in which case don't run it in a web br= owser. If you need a web browser, invoke the user's preferred web browser (= automatically, if needed) in an extra process. Otherwise the attack surface= is just too large...) Having read the source code now, I'd rather not use it.