[Development] Qt online SDK security problems

André Pönitz apoenitz at t-online.de
Thu Apr 18 13:43:32 CEST 2019

On Thu, Apr 18, 2019 at 10:24:24AM +0300, BogDan Vatra via Development
> [...]
>   As I commented in
>   https://blog.qt.io/blog/2019/04/11/updated-qt-installer-released/,
>   as a Qt maintainer, I wonder quite often, if it's worth spending
>   time to fix bugs that will go in revision/micro versions as long as
>   even I, as a Qt maintainer, don’t use them!

That's actually a valid point where I also see a shortcoming of the
current branching/releasing policy. It should not be the primary
concern for a contributor to find out which is the Right Branch for a
change, especially since the rules about that are so fluffy that the
result essentially depends on the time and actual people that happen to
review the change, or when the situation in the affected area in the
"best" target branch requires special knowledge occasional contributors
cannot be expected to have.

I think it would make sense to truly split responsibilities here,
i.e. land a change in the "oldest reasonably uncontroversial" branch
and let people with special interest (e.g. LTS) take care of
porting that to their favorite branch.

But we had this discussion before, and I think it's mostly
orthogonal to the question on what versions should be offered
in the online installer and how they should be presented there.



> I imagine that the percentage of Qt users that are using the latest
> Qt versions is very low…

I imagine the opposite. There are a lot of "corner cases" which I
assume to sum up to the majority here. My "System Qt" e.g. is labeled
5.9.5 here.

