[Development] QtCS 2018: Third-party and security policy

Lisandro Damián Nicanor Pérez Meyer perezmeyer at gmail.com
Fri Jul 13 16:49:47 CEST 2018


El viernes, 13 de julio de 2018 10:59:09 -03 Mårten Nordheim escribió:
> On 05.07.2018 16:48, Thiago Macieira wrote:
> > On Thursday, 5 July 2018 01:56:43 PDT Kai Koehne wrote:
> >> PS: Notes from the session at the Qt Contributor Summit are available at
> >> https://wiki.qt.io/QtCS2018_Third-Party_Sources_Policy_and_Security
> > 
> > Thanks Kai.
> > 
> > Do we have a volunteer to trial out vcpkg and explain to the rest of us
> > how it would work for Qt? Will it be invisible to our users and
> > ourselves? Note how Linux distros don't have it nor does Homebrew on Mac.
> 
> I implemented a POC here: https://codereview.qt-project.org/#/c/234478/
> 
> I'm not sure if this is what people had in mind (e.g. installing
> dependencies during configure), but it works at the moment for what I've
> tested it for.

I understand this as: at configure time download 3rdparty code.

From a distro's point of view, if the download can be disabled that's a pretty 
nice thing to have, because it would mean (and please do correct me if I'm 
wrong) that Qt tarballs will not bundle 3rdparty code. Or will bundle less of 
it.


-- 
 1: Una computadora sirve:
    * Para tratar de dominar el mundo, un caso conocido de esto fue el de
      Skinet
    Damian Nadales
    http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/development/attachments/20180713/a9929823/attachment.sig>


More information about the Development mailing list