#627 closed defect (fixed)
Upgrade Qt version to latest 5.12.x LTR
| Reported by: | larrysh | Owned by: | |
|---|---|---|---|
| Priority: | major | Component: | Package |
| Version: | Keywords: | qt | |
| Cc: |
Description
I recommend OSGeo4W's Qt packages be updated to 5.12.4 or latest LTR version, specifically for this OpenSSL v1.1.1 reason:
https://www.qt.io/blog/2019/06/17/qt-5-12-4-released-support-openssl-1-1-1
I think it is a security concern to rely upon an OpenSSL version that is 3+ years old, as is the case with official Qt < 5.12.4 releases. For one example, there is no TLS 1.3 support in OpenSSL 1.0.2.
This 5.12.x LTR version may be the last available open-source binary distribution from Qt, so the package script looks like it can be updated, i.e. Qt doesn't need to be compiled yet.
Change History (11)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
Hi Thomas,
Possibly, though this means more work to ensure all dependent packages are compatible with the latest Qt version. Ideally, the LTS remains available via a source distribution and can be built into a package, even with some delay in backports. Binary distros of the LTS will undoubtably stop being available for repackaging.
comment:3 by , 4 years ago
The current idea is to switch to 5.14 and use the occasion to upgrade compilers and drop 32bit (according to the latest qgis survey only 7% of the participants still use it).
comment:6 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
follow-up: 8 comment:7 by , 3 years ago
@jef what do you mean by fixed + closed? Where are the upgraded Qt packages available?
comment:8 by , 3 years ago
Replying to thomasb:
@jef what do you mean by fixed + closed? Where are the upgraded Qt packages available?
OSGeo4W testing
comment:10 by , 3 years ago
Replying to thomasb:
awesome! when is schedule to release to prod?
There's no schedule. The number of issues found so far is low. Very low. Suspiously low. I guess not too many people actually tested.
Your question about where to find the packages suggests that you didn't see the posting on the qgis user mailing list (mentioned in the QGIS 3.18 release tweet) or noticed the new installers on the QGIS download page (mentioned in the QGIS 3.18.1 release tweet) either.
AFAICT it's ready to flip the switch - well, there's currently nothing that prevents anyone to try and update an existing installation from the new repo. And that will likely break or at least leave a lot of cruft. And that would be the default if we actually just move testing to the original repo.
We should probably just move the old repo to attic or something and rename testing to something else (ng? v2? release? production? your ad here?).
comment:11 by , 3 years ago
Indeed I didn't know. Great to see 'reboot' made available. As I use QGIS mainly on Linux, I didn't try the Windows MSIs yet. Awesome to see it is packaged already!
Consider the future LTS strategy:
"Long-term-supported (LTS) releases and the offline installer will become available to commercial licensees only" (https://www.qt.io/blog/qt-offering-changes-2020)
It might be reasonable to update to 5.14 straightforward (or to the soon available 5.15).