On Saturday 12 November 2011 00:10:22 Robert Xu wrote: > > This is an extensive objection by a KDE4 developer against marketing and promoting KDE3 and/or Trinity. > > > > I would like to see what can you say in response as it seems he expresses quite common sentiments of distributions developers towards > > KDE3. > > KDE3 I can understand, as it is technically dead. > Trinity, however, is not. Trinity is KDE3. You did not anything special yet to say Trinity is not KDE3. Porting to cmake does not suffice. > > 1) Quality and security. Despite the KDE:KDE3 maintainer's high degree of > > activity in packaging every KDE 3 app out there and adapting the KDE 3 > > platform to build on current distributions, it is a mistake to equate this > > with sufficient maintenance to ensure adequate code quality to include this in > > our distribution. The KDE 3 and Qt 3 codebases are massive, include code in > > all the worst places to have a vulnerability, have been essentially > > unmaintained for over 2 years now, and *include many known bugs and > > vulnerabilities that have only been fixed in the 4 releases*. > > This is nothing to do with Trinity. You are saying like if Trinity was not using Qt3 and KDE3 codebase. > > Assurances that the project is now maintained upstream by the Trinity project > > are hollow; the Trinity group is only a handful of people, none of whom are > > the original maintainers or developers of the code, and most of their effort > > is spent on writing a Qt4 compatibility layer and in porting the build system > > to cmake, not maintenance. In any case, the packages in KDE:KDE3 are based on > > 3.5.10 and only include some changes from the Trinity project's fork, which is > > now 3.5.12. > > While this may be partially true, we are getting more help everyday. > The focus has currently shifted off a Qt4 compatibility layer to > maintenance and cmake, because not only is cmake vital to fixing build > problems, but that actually counts as maintenance. Also, we have > gotten Trinity to build on more recent environments, This is not specific for Trinity. It is known that fixing build is not that difficult. > and plan to allow > it to do so for the future. We will always continue fixing bugs, and > patching up security holes. Can you please point to some security holes closed so I could use them for arguing? > We will always welcome outside help to > this task, which has been gladly accepted. > > The Qt4 compatibility layer is not top priority. > > KDE:KDE3 is still stuck on 3.5.10, and therefore does not impact us. > It was your decision to keep it there. Ok, I will up the version to 3.6 so "not to stuck with 3.5.10". > > openSUSE Factory maintainers made an error of judgement to resume including > > KDE 3 packages while they demonstrably fulfil the latter 3 of our drop > > criteria [2], and marketing should not join them in this. > > This is regarding KDE:KDE3, so I will not comment on this. > As for Trinity, however, they do fulfill criteria. Look, KDE:KDE3 has MUCH more patches than your Trinity has if you are inclined to compare and attack us. Trinity still depends on deprecated HAL, for example. If KDE:KDE3 does not fulfill the criteria, then Trinity does not fulfill either. > It fulfills the latter three criteria well, so it works. And > openSUSE's Security Team can work with us.