[Development] Qt online SDK security problems

Eike Ziller Eike.Ziller at qt.io
Thu Apr 18 13:01:18 CEST 2019



> On 18. Apr 2019, at 10:37, BogDan Vatra via Development <development at qt-project.org> wrote:
> 
> Hi,
> 
> As I said, they still have the possibility to install a specific Qt version 
> and stick with it. The installer will not force them to use the latest 
> version! If some companies prefer to use outdated software which might have 
> security issues is their choice, what I'm asking is for an easy way for the 
> other companies/people to use the latest Qt versions.

>  One of the biggest problems when installing multiple Qt versions is that you 
> end-up with multiple Kits in QtCreator. Small projects can switch from one kit 
> to another very easy, but complex projects which need lots of custom qmake 
> params or custom Build/Run steps are not that easy to swicth to another Qt 
> version.

“Copy steps from another kit” from the context menu of the kit in Projects mode should alleviate that issue. If it doesn’t --> bugreports.qt.io ;)

>  Last but not least, it's a waste of disk space. Just ~/Qt/5.12.2 
> (android_arm64_v8a+android_armv7+gcc_64) installation has 1.7GB.
> 
> Cheers,
> BogDan.
> 
> În ziua de joi, 18 aprilie 2019, la 11:18:30 EEST, Maurice Kalinowski a scris:
>> Hey,
>> 
>> Disclaimer: I am not involved in the decision making process for this
>> update.
> 
>> However, one frequent feedback has been, that users (customers) did not like
>> the fact that the installer changed the specific Qt version "under the
>> hood".
> It was specifically requested that each user has to select the
>> version to use. This is related to the fact, that many companies decide on
>> one version and updating to a new one involves quite a lot of QA and other
>> processes. Only then, developers are allowed to switch to a newer version. 
>> This is (IIRC) why the installer switched to this approach.
>> 
>> I can see your point as well, especially when your project is flexible
>> enough to update dependencies. But that is not the case for many projects
>> out there.
> 
>> BR,
>> Maurice
>> 
>> 
>> 
>>> -----Original Message-----
>>> From: Development <development-bounces at qt-project.org> On Behalf Of
>>> BogDan Vatra via Development
>>> Sent: Thursday, April 18, 2019 9:24 AM
>>> To: development at qt-project.org
>>> Subject: [Development] Qt online SDK security problems
>>> 
>>> Hi,
>>> 
>>> 
>>>  Long time ago the Qt online SDK used to help the users to use the latest
>>>  and
>> 
>>> the safest Qt version all the time. Sadly that was changed, IMHO without
>>> too
> much thinking, and now a lot of users (I'm one of them) are stucked
>>> with outdated versions. A few days ago I installed 5.12.2 and today
>>> suprise is outdated again.  It’s just ridiculously, I have five 5.9.x,
>>> 5.10.0, two 5.11.x and three 5.12.x versions, but NONE is latest version!
>>> Not a single one! 
>>> 
>>>  I propose to go back to the good old times when the Qt online SDK was
>>>  safe
>>> 
>>> and helpful.
>>> 
>>> 
>>>  I'm not against to have a chooice to install a specific version, what
>>>  I'd like is
>> 
>>> to install e.g. 5.12 version and the online installer will update it with
>>> the latest
> 5.12.x version automatically.
>>> 
>>> If an user, for some reason, want's to install a specific version he can
>>> pick it
>> 
>>> from new "Archive" section.
>>> 
>>> 
>>>  As I commented in
>>>  https://blog.qt.io/blog/2019/04/11/updated-qt-installer-> > 
>>> released/,  as a Qt maintainer, I wonder quite often, if it's worth to
>>> spend
> time to fix bugs that will go in revision/micro versions as long
>>> as even I, as a Qt maintainer, don’t use them! I imagine that the
>>> percentage of Qt users that are using the latest Qt versions is very low…
>>> 
>>> 
>>>  Having said that, pretty please with sugar on top consider to add the
>>> 
>>> needed support to help the users to always use the latest and the safest
>>> Qt
> version.
>>> 
>>> 
>>> Cheers,
>>> BogDan.
>>> 
>>> 
>>> _______________________________________________
>>> Development mailing list
>>> Development at qt-project.org
>>> https://lists.qt-project.org/listinfo/development
> 
> 
> 
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> https://lists.qt-project.org/listinfo/development

-- 
Eike Ziller
Principal Software Engineer

The Qt Company GmbH
Rudower Chaussee 13
D-12489 Berlin
eike.ziller at qt.io
http://qt.io
Geschäftsführer: Mika Pälsi,
Juha Varelius, Mika Harjuaho
Sitz der Gesellschaft: Berlin, Registergericht: Amtsgericht Charlottenburg, HRB 144331 B



More information about the Development mailing list