[Development] Qt online SDK security problems

André Pönitz apoenitz at t-online.de
Thu Apr 18 12:54:15 CEST 2019


On Thu, Apr 18, 2019 at 10:24:24AM +0300, BogDan Vatra via Development
wrote:
> Hi,
> 
>   Long time ago the Qt online SDK used to help the users to use the
>   latest and the safest Qt version all the time.

There is no latest *and* safest version of any non-trivial code base
that's under active feature development no matter what Google,
Microsoft, Apple, ("long time ago" Nokia) say.

The approach to always update is popular because it's an easy way to
bundle items/features/changes/services that users otherwise might not
agree with, with "security" fixes that people have been trained to
accept.

When you mix feature development and security fixes you trade some known
problems which you can evaluate whether they affect or do not affect
your particular use case for a bag of unknown new problems which you
cannot evaluate since you do not know them.

That's security by obscurity at best.

Andre'
