[Development] Changes to Qt offering

Thiago Macieira thiago.macieira at intel.com
Wed Jan 29 18:05:11 CET 2020

On Wednesday, 29 January 2020 00:52:00 PST Cristián Maureira-Fredes wrote:
> Since TQtC has commercial costumers, we will internally fork
> the latest bug fix release, and will start adding patches on
> top of that on request of the costumers, but hey! all those
> patches will be on Gerrit, so if they are important for your work,
> you can just cherry pick them to your local Qt and re-build.

The big question is knowing *which* patches those are. I don't suppose TQtC 
will make it easy for the rest of us to find that out, since that would make 
it too easy for someone to maintain a fork and thus undermine the LTS 

> I think nobody at Qt will be so irresponsible of not notifying
> security patches, and I'm certain we will work around this issue,
> to maybe distributed in a better way for Open Source users.

I can categorically say that security fixes *to* *Qt* will not be affected. Qt 
Project Security Policy has not changed.

Security fixes to third-party components found inside Qt that have an 
equivalent -system-xxx option on configure are not covered by the Security 
Policy. We have not and do not plan to make Qt releases or publish security 
advisories about them. All users of Qt are required to directly monitor these 
dependencies and update as needed (I highly recommend ALWAYS using 

If TQtC wants to offer an additional service to their commercial users on 
doing that monitoring and updating, it's up to them.

[1] note how the binary downloads don't use them due to DLL hell and other 
issues. I really recommend rebuilding everything from sources for your 
official releases.
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Development mailing list