[Development] Retiring libtiff too

Thiago Macieira thiago.macieira at intel.com
Mon May 2 17:52:00 CEST 2016


On Monday, 2 May 2016 10:46:53 PDT Lars Knoll wrote:
> Well, on Linux these libraries are nicely available on the system. But it
> does not help us on Windows, where we do have to ship these libraries if we
> want to provide something that's easy to use for our users/customers.

Let me question that: do we want to provide something easy which is a 
potential security hole? Even if we upgrade libtiff to the latest that fixes 
all issues, there will be more. How are we dealing with CVEs from our bundled 
third party, especially those that end up in our binaries? How are our users 
and your customers?
 
> So while I don't like us having copies of these libraries in our
> repositories, not shipping any support for these image formats in our
> packages is not a good option either.
 
I kinda disagree. I would prefer an opt-in for those people.

> No, there's currently no option to limit the image formats that are being
> loaded apart from not shipping the plugin.

Aside from not including it. How are the qtimageformats packaged in our 
binaries? Are they installed automatically?

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



