On Saturday 12 November 2011 00:10:22 Robert Xu wrote:

> > This is an extensive objection by a KDE4 developer against marketing and promoting KDE3 and/or Trinity.
> >
> > I would like to see what can you say in response as it seems he expresses quite common sentiments of distributions developers towards
> > KDE3.
> 
> KDE3 I can understand, as it is technically dead.
> Trinity, however, is not.

Trinity is KDE3. You did not anything special yet to say Trinity is not KDE3.
Porting to cmake does not suffice.

> > 1) Quality and security.  Despite the KDE:KDE3 maintainer's high degree of
> > activity in packaging every KDE 3 app out there and adapting the KDE 3
> > platform to build on current distributions, it is a mistake to equate this
> > with sufficient maintenance to ensure adequate code quality to include this in
> > our distribution.  The KDE 3 and Qt 3 codebases are massive, include code in
> > all the worst places to have a vulnerability, have been essentially
> > unmaintained for over 2 years now, and *include many known bugs and
> > vulnerabilities that have only been fixed in the 4 releases*.
> 
> This is nothing to do with Trinity.

You are saying like if Trinity was not using Qt3 and KDE3 codebase.

> > Assurances that the project is now maintained upstream by the Trinity project
> > are hollow; the Trinity group is only a handful of people, none of whom are
> > the original maintainers or developers of the code, and most of their effort
> > is spent on writing a Qt4 compatibility layer and in porting the build system
> > to cmake, not maintenance.  In any case, the packages in KDE:KDE3 are based on
> > 3.5.10 and only include some changes from the Trinity project's fork, which is
> > now 3.5.12.
> 
> While this may be partially true, we are getting more help everyday.
> The focus has currently shifted off a Qt4 compatibility layer to
> maintenance and cmake, because not only is cmake vital to fixing build
> problems, but that actually counts as maintenance. Also, we have
> gotten Trinity to build on more recent environments, 

This is not specific for Trinity. It is known that fixing build is not that difficult.

> and plan to allow 
> it to do so for the future. We will always continue fixing bugs, and
> patching up security holes. 

Can you please point to some security holes closed so I could use them for
arguing?

> We will always welcome outside help to 
> this task, which has been gladly accepted.
> 
> The Qt4 compatibility layer is not top priority.
> 
> KDE:KDE3 is still stuck on 3.5.10, and therefore does not impact us.
> It was your decision to keep it there.

Ok, I will up the version to 3.6 so "not to stuck with 3.5.10".

> > openSUSE Factory maintainers made an error of judgement to resume including
> > KDE 3 packages while they demonstrably fulfil the latter 3 of our drop
> > criteria [2], and marketing should not join them in this.
> 
> This is regarding KDE:KDE3, so I will not comment on this.
> As for Trinity, however, they do fulfill criteria.

Look, KDE:KDE3 has MUCH more patches than your Trinity has if you are inclined
to compare and attack us. Trinity still depends on deprecated HAL, for example. 

If KDE:KDE3 does not fulfill the criteria, then Trinity does not fulfill either.
 
> It fulfills the latter three criteria well, so it works. And
> openSUSE's Security Team can work with us.