The Danger Of Relying On EOL Dependencies

Brodie Robertson

28 Oct 202414:29

Summary

TLDRIn this video, an Arch Linux user discusses compatibility issues with ProtonMail Bridge and Qt 6.8, highlighting how this version causes failures that did not occur with Qt 6.7. Despite claims from Proton developers that the Bridge is only supported on specific Linux distributions, the speaker notes that their own website provides installation guidance for Arch users. He critiques the use of outdated dependencies, particularly since the version in use has reached end-of-life status, raising security concerns. The speaker concludes by encouraging a discussion on dependency management practices within the Linux community.

Takeaways

😀 Arch Linux is often perceived as a bleeding-edge distribution, but it sometimes holds back updates, contrary to common belief.
😀 Proton Mail Bridge fails to start with QT6.8, while it works with QT6.7, indicating a compatibility issue with the new version.
😀 Reports of the issue with ProtonMail Bridge were confirmed by multiple users, including package maintainers on Arch Linux.
😀 QT6.8 is very new and not widely available on other distributions, which tend to be more stable.
😀 Downgrading to QT6.7 is a potential workaround, but it can lead to compatibility issues with other applications, particularly KDE.
😀 Proton Mail's developers have not been clear about the support for Arch Linux, even though they provide a package build for it.
😀 The version QT6.4.3 used to build Proton Bridge is end-of-life (EOL), raising security concerns.
😀 There is a misconception that outdated software can be stable, but it can introduce vulnerabilities.
😀 The communication from Proton's support failed to acknowledge the significance of using EOL software, focusing instead on distribution compatibility.
😀 Users can still access backend functionalities of ProtonMail Bridge even if the GUI fails, providing a temporary workaround.

Q & A

What is the primary issue discussed in relation to Proton Mail Bridge?
-The primary issue is that Proton Mail Bridge fails to start with QT6.8 on Arch Linux, leading to errors that did not occur with QT6.7.
Why is Arch Linux considered to be at the forefront of package updates?
-Arch Linux is a rolling release distribution, which means it updates its packages more frequently than other distributions like Ubuntu or Debian, thus adopting new software versions faster.
What does the term 'EOL' mean, and why is it significant in this context?
-'EOL' stands for 'End of Life,' indicating that software versions are no longer supported with updates or patches. Using EOL software can expose users to security vulnerabilities, as is the case with QT6.4.3 used by Proton Mail Bridge.
What recommendations did Proton support provide to users experiencing issues with Proton Mail Bridge?
-Proton support recommended downgrading to QT6.7, using supported distributions like Ubuntu or Fedora, or considering the Proton Mail desktop app that does not depend on QT.
How does the dependency management issue affect Arch Linux users specifically?
-The dependency management issue means that when QT versions are outdated or not properly managed, users on Arch may face compatibility problems with applications like Proton Mail Bridge, as they rely on the latest libraries.
What workaround did users discover for the issue with Proton Mail Bridge?
-Users found that even when the error pop-up occurs, the bridge still operates in the background, allowing them to send and receive emails despite the GUI issues.
Why is it problematic for developers to use an outdated version like QT6.4.3?
-Using an outdated version like QT6.4.3 is problematic because it not only lacks important updates and security patches but also may lead to compatibility issues with newer software versions, as seen with QT6.8.
What contradiction exists in Proton's claim about supporting distributions?
-Proton claims not to support Arch Linux, yet they provide a package build for it, suggesting that users can install Proton Mail Bridge on Arch, which contradicts their stance.
How does the conversation among users differ from typical developer complaints?
-The conversation is largely constructive and technical, focusing on finding solutions and discussing issues rather than expressing anger or hostility towards the developers.
What implications does the use of bundled dependencies have for Linux applications?
-Bundled dependencies can lead to inconsistencies and compatibility issues across different distributions, as it may prevent applications from using the system's updated libraries, potentially causing functionality problems.