[Development] Qt online SDK security problems

Bogdan Vatra bogdan.vatra at kdab.com
Thu Apr 18 10:37:55 CEST 2019


Hi,

 As I said, they still have the possibility to install a specific Qt version 
and stick with it. The installer will not force them to use the latest 
version! If some companies prefer to use outdated software which might have 
security issues is their choice, what I'm asking is for an easy way for the 
other companies/people to use the latest Qt versions.
  One of the biggest problems when installing multiple Qt versions is that you 
end-up with multiple Kits in QtCreator. Small projects can switch from one kit 
to another very easy, but complex projects which need lots of custom qmake 
params or custom Build/Run steps are not that easy to swicth to another Qt 
version.
  Last but not least, it's a waste of disk space. Just ~/Qt/5.12.2 
(android_arm64_v8a+android_armv7+gcc_64) installation has 1.7GB.

Cheers,
BogDan.

În ziua de joi, 18 aprilie 2019, la 11:18:30 EEST, Maurice Kalinowski a scris:
> Hey,
> 
> Disclaimer: I am not involved in the decision making process for this
> update.
 
> However, one frequent feedback has been, that users (customers) did not like
> the fact that the installer changed the specific Qt version "under the
> hood".
 It was specifically requested that each user has to select the
> version to use. This is related to the fact, that many companies decide on
> one version and updating to a new one involves quite a lot of QA and other
> processes. Only then, developers are allowed to switch to a newer version. 
> This is (IIRC) why the installer switched to this approach.
> 
> I can see your point as well, especially when your project is flexible
> enough to update dependencies. But that is not the case for many projects
> out there.
 
> BR,
> Maurice
> 
> 
> 
> > -----Original Message-----
> > From: Development <development-bounces at qt-project.org> On Behalf Of
> > BogDan Vatra via Development
> > Sent: Thursday, April 18, 2019 9:24 AM
> > To: development at qt-project.org
> > Subject: [Development] Qt online SDK security problems
> > 
> > Hi,
> > 
> > 
> >   Long time ago the Qt online SDK used to help the users to use the latest
> >   and
> 
> > the safest Qt version all the time. Sadly that was changed, IMHO without
> > too
 much thinking, and now a lot of users (I'm one of them) are stucked
> > with outdated versions. A few days ago I installed 5.12.2 and today
> > suprise is outdated again.  It’s just ridiculously, I have five 5.9.x,
> > 5.10.0, two 5.11.x and three 5.12.x versions, but NONE is latest version!
> > Not a single one! 
> > 
> >   I propose to go back to the good old times when the Qt online SDK was
> >   safe
> > 
> > and helpful.
> > 
> > 
> >   I'm not against to have a chooice to install a specific version, what
> >   I'd like is
> 
> > to install e.g. 5.12 version and the online installer will update it with
> > the latest
 5.12.x version automatically.
> > 
> >  If an user, for some reason, want's to install a specific version he can
> >  pick it
> 
> > from new "Archive" section.
> > 
> > 
> >   As I commented in
> >   https://blog.qt.io/blog/2019/04/11/updated-qt-installer-> > 
> > released/,  as a Qt maintainer, I wonder quite often, if it's worth to
> > spend
 time to fix bugs that will go in revision/micro versions as long
> > as even I, as a Qt maintainer, don’t use them! I imagine that the
> > percentage of Qt users that are using the latest Qt versions is very low…
> > 
> > 
> >   Having said that, pretty please with sugar on top consider to add the
> > 
> > needed support to help the users to always use the latest and the safest
> > Qt
 version.
> > 
> > 
> > Cheers,
> > BogDan.
> > 
> > 
> > _______________________________________________
> > Development mailing list
> > Development at qt-project.org
> > https://lists.qt-project.org/listinfo/development






More information about the Development mailing list