[Development] Assistant WebKit/WebEngine support

Thiago Macieira thiago.macieira at intel.com
Wed Jun 26 03:17:31 CEST 2019


On Tuesday, 25 June 2019 18:08:28 PDT Thiago Macieira wrote:
> > Are you worried about the lack of security patches? I can see how that
> > matters for an ordinary browser implemented with Qt, but for Assistant
> > and Creator that exclusively display locally installed generated
> > compressed help files, security concerns are a lot lower.
> 
> Sure, but the fact that Qt Creator is using it could lead people to trying
> for a web browser.
> 
> Not to mention that even if Qt's help documents are safe, other documents
> you may want to view may not be so.

Actually, let me be even more clear: shipping software with known security 
issues that have been fixed elsewhere is unacceptable.  Please don't try to 
say "but this code isn't used in this application", it's very hard to prove 
that and obtain security exceptions in many companies.

At Intel, we simply can't. If Qt Creator begins depending on a version of a 
web engine that has open security issues whose fixes are available but not 
applied, we cannot ship it in our Linux distribution (Clear Linux). Other 
Linux distributions may have similar policies.

If the affected code isn't exercised, please prove so by removing the code 
from the build. This is usually more effort than applying the fix.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products





More information about the Development mailing list