[Development] Qt online SDK security problems

Stottlemyer, Brett (B.S.) bstottle at ford.com
Thu Apr 18 19:13:47 CEST 2019

On 4/18/19, 5:51 AM, "Development on behalf of André Pönitz" <development-bounces at qt-project.org on behalf of apoenitz at t-online.de> wrote:

    There is no latest *and* safest version of any non-trivial code base
    that's under active feature development no matter what Google,
    Microsoft, Apple, ("long time ago" Nokia) say.
    When you mix feature development and security fixes you trade some known
    problems which you can evaluate whether they affect or to not affect
    your particular use case for a bag of unknown new problems which you
    cannot evaluate since you do not know them.
I agree if it relates to major releases, i.e., I wouldn't consider it an "update" from 5.12.3 to 5.13.0.

However, why are patch releases considered a new component instead of an update?  Why do you need to "add a new component" from the installer to get 5.12.3 if you are on 5.12.2?  If 5.12 were treated as a component, excluding the patch release, wouldn't new patch releases show up as updates and QtCreator could alert you when the update is available?


More information about the Development mailing list