[Development] Qt online SDK security problems
Stottlemyer, Brett (B.S.)
bstottle at ford.com
Thu Apr 18 19:13:47 CEST 2019
On 4/18/19, 5:51 AM, "Development on behalf of André Pönitz" <development-bounces at qt-project.org on behalf of apoenitz at t-online.de> wrote:
> There is no latest *and* safest version of any non-trivial code base
> that's under active feature development no matter what Google,
> Microsoft, Apple, ("long time ago" Nokia) say.
> ...
> When you mix feature development and security fixes you trade some known
> problems which you can evaluate whether they affect or do not affect
> your particular use case for a bag of unknown new problems which you
> cannot evaluate since you do not know them.
I agree if it relates to major releases, i.e., I wouldn't consider it an "update" from 5.12.3 to 5.13.0.
However, why are patch releases considered a new component instead of an update? Why do you need to "add a new component" from the installer to get 5.12.3 if you are on 5.12.2? If 5.12 were treated as a component, excluding the patch release, wouldn't new patch releases show up as updates and QtCreator could alert you when the update is available?
Regards,
Brett