[Development] QtCS 2018: Third-party and security policy

Kai Koehne Kai.Koehne at qt.io
Thu Jul 5 10:56:43 CEST 2018


Hi,

I've been creating https://codereview.qt-project.org/#/c/233962/2 to pin down what I assume is consensus so far. This is an update to QUIP-4 (https://quips-qt-io.herokuapp.com/quip-0004.html), which regulates how we handle Third-Party Components in Qt.

I also added a paragraph that all newly reported known security vulnerabilities in Third-Party Modules should go through the Qt Project security mailing list. 

Kai

PS: Notes from the session at the Qt Contributor Summit are available at https://wiki.qt.io/QtCS2018_Third-Party_Sources_Policy_and_Security


> -----Original Message-----
> From: Development [mailto:development-bounces+kai.koehne=qt.io at qt-project.org] On Behalf Of Thiago Macieira
> Sent: Monday, June 11, 2018 1:18 PM
> To: development at qt-project.org
> Subject: Re: [Development] QtCS 2018: Third-party and security policy
> 
> On Monday, 11 June 2018 10:56:42 CEST EXT Eike Ziller wrote:
> > If we are about to release Qt Creator with LLVM/Clang 6.0, and
> > LLVM/Clang 6.1 is released, this has good chances to introduce bugs.
> > Aside from that, updating the binaries that we ship is an effort,
> > since they are profile optimized etc etc. If instead LLVM/Clang 7.0
> > should be released, Qt Creator might not even compile anymore. The
> > probability that some functionality is broken increases even more.
> > After we fix all these issues (it’s 1-2 weeks later now than the
> > original schedule), a new version of sqlite is released.
> 
> Good point about chasing a moving target.
> 
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel Open Source Technology Center