[Development] Assistant WebKit/WebEngine support
Thiago Macieira
thiago.macieira at intel.com
Wed Jun 26 03:17:31 CEST 2019
On Tuesday, 25 June 2019 18:08:28 PDT Thiago Macieira wrote:
> > Are you worried about the lack of security patches? I can see how that
> > matters for an ordinary browser implemented with Qt, but for Assistant
> > and Creator that exclusively display locally installed generated
> > compressed help files, security concerns are a lot lower.
>
> Sure, but the fact that Qt Creator is using it could lead people to trying
> for a web browser.
>
> Not to mention that even if Qt's help documents are safe, other documents
> you may want to view may not be so.
Actually, let me be even more clear: shipping software with known security
issues that have been fixed elsewhere is unacceptable. Please don't try to
say "but this code isn't used in this application", it's very hard to prove
that and obtain security exceptions in many companies.
At Intel, we simply can't. If Qt Creator begins depending on a version of a
web engine that has open security issues whose fixes are available but not
applied, we cannot ship it in our Linux distribution (Clear Linux). Other
Linux distributions may have similar policies.
If the affected code isn't exercised, please prove so by removing the code
from the build. This is usually more effort than applying the fix.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Development
mailing list