[Development] Retiring libtiff too
Thiago Macieira
thiago.macieira at intel.com
Mon May 2 17:52:00 CEST 2016
On segunda-feira, 2 de maio de 2016 10:46:53 PDT Lars Knoll wrote:
> Well, on Linux these libraries are nicely available on the system. But it
> does not help us on Windows, where we do have to ship these libraries if we
> want to provide something that's easy to use for our users/customers.
Let me question that: do we want to provide something easy which is a
potential security hole? Even if we upgrade libtiff to the latest that fixes
all issues, there will be more. How are we dealing with CVEs from our bundled
third party, especially those that end up in our binaries? How are our users
and your customers?
> So while I don't like us having copies of these libraries in our
> repositories, not shipping any support for these image formats in our
> packages is not a good option neither.
I kinda disagree. I would prefer an opt-in for those poeple.
> No, there's currently no option to limit the image formats that are being
> loaded apart from not shipping the plugin.
Aside from not including it. How are the qtimageformats packaged in our
binaries? Are they installed automatically?
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list