Hi again,

From LeechCraft developer:
> It's pretty sad. Yes, using qtwebkit to display web content that you don't control is a bad idea (that's why there is a webengine for leechcraft-poshuku, I personally use it, and everything works). But if this is something like a wysiwyg editor, or even a chat window in leechcraft-azoth, then qtwebkitwidgets is quite normal there (but webenginewidgets is not, creating a tab by process to display one and a half html tags is somehow so-so).
>   If the editor can be turned off for now, then I would not like leechcraft-azoth. And although I have been planning to support various rendering backends with plugins for a long time, I still need to sit down and do it, and this is at least a week of full-fledged work. And even in this case, I would like to leave the support for qtwebkitwidgets — it's somehow more lightweight.
>   What are the deadlines for removing qtwebkit from openSUSE?

From my side: is there any possibility to save qtwebkitwidgets with sterilized qtwebkit as a dependency?

чт, 1 июл. 2021 г. в 11:08, Christophe Giboudeaux <christophe@krop.fr>:
Hello,

QtWebKit was a rendering engine for web content released with Qt until 5.6. It
was replaced with QtWebEngine after that.

Despite a community fork in 2016, nothing really happened to keep it alive and
secure.
Quoting the QtWebKit release page on Github:

"WARNING: This release is based on old WebKit revision with known unpatched
vulnerabilities.
Please use it carefully and avoid visiting untrusted websites and using it for
transmission of sensitive data."

It's time to drop it from openSUSE Tumbleweed.

The good news, most QtWebKit remaining users were just caused by obsolete
'BuildRequires'. Most were cleaned during the week end.

Pending SRs:
- FreeCAD (SR#902666 replaces the dependency)
- qgis (SR#903291 disables the optional dependency)
- owncloud-client (it needs an unrelated code fix)
- notepadqq (SR#903352 replaces the old version with a git snapshot)

Packages that could use snapshots:
- quiterss
  The upstream website looks down. There are 2 github repo (QuiteRSS/quiterss2
and QuiteRSS/quiterss). Both don't have hard dependency on QtWebKit.
- leechcraft
  Last release in 2014. We're already using snapshots. QtWebKit looks
optional.

The less good news, a couple packages also have to be dropped.

KDE packages that will be dropped:
- trojita (no activity upstream)
- kwebkitpart
- kdewebkit

Packages with no upstream activity and/or no alternative port:
- wkhtmltopdf which is a dependency for python-hide-code and python-pdfkit
- swift-im
- smtube
- goldendict

Christophe


--
Best regards,
Dmitriy Perlow