Overview
Request 1101063 superseded
- build with bundled re2 on Tumbleweed, the upcoming re2 2023-07-01
breaks qtwebengine (forwarded request 1101048 from AndreasStieger)
- Created by Vogtinator
- In state superseded
- Superseded by 1108481
- Open review for opensuse-review-team
- Open review for factory-staging
Request History
Vogtinator created request
- build with bundled re2 on Tumbleweed, the upcoming re2 2023-07-01
breaks qtwebengine (forwarded request 1101048 from AndreasStieger)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
anag+factory set openSUSE:Factory:Staging:G as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:G"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:G"
darix declined request
mrueckert wrote (1101063),I clarified this with the security team (meissner) and they would love to see those provides as well.
anag+factory reopened request
Reopened via staging workflow.
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:G"
anag+factory declined request
Declined via staging workflow.
superseded by 1108481
Needed for re2 SR#1101067
mrueckert wrote (1101063) shouldnt this get that a provides for the bundled library?
No need, it's only used internally
I don't think internal usage matters. We have https://en.opensuse.org/openSUSE:Bundled_software_policy but in the case of chromium this is a nightmare.
Let's dive in: https://github.com/qt/qtwebengine/tree/v5.15.14-lts/src references https://github.com/qt/qtwebengine-chromium/blame/18c9261dc5b8aa57a0bdd5b62ce6f648cca1ef5e/chromium/DEPS#L1355 which is " Chromium to 87.0.4280.67" with re2 as of
25486195537d234bff9e6d785add3eaabe249eb9
. According to https://github.com/google/re2/commit/25486195537d234bff9e6d785add3eaabe249eb9 this is re2 2020-10-01.So that's the version we could add. But I would ask if we are enforcing this universally, and if this package shouldn't be dropped by virtue of bundling a years old chromium.
This is not chromium. It's qtwebengine-chromium (https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based)
'Provides' doesn't make any sense.
It is a feasible mechanism to track this kind of stuff. It may not make a lot of sense because we don't strictly enforce it. https://en.opensuse.org/openSUSE:Bundled_software_policy https://docs.fedoraproject.org/en-US/fesco/Bundled_Software_policy/
The maintainer rejected SR#1101188
Either we accept this one as is, or this package will stand in the way of a re2+chromium security update for the next Chromium major version
More neutral fix in in SR#1101256, and SR#1101246