[Development] Changes to Qt offering
Thiago Macieira
thiago.macieira at intel.com
Wed Jan 29 18:05:11 CET 2020
On Wednesday, 29 January 2020 00:52:00 PST Cristián Maureira-Fredes wrote:
> Since TQtC has commercial customers, we will internally fork
> the latest bug fix release, and will start adding patches on
> top of that on request of the customers, but hey! all those
> patches will be on Gerrit, so if they are important for your work,
> you can just cherry pick them to your local Qt and re-build.

The big question is knowing *which* patches those are. I don't suppose TQtC
will make it easy for the rest of us to find that out, since that would make
it too easy for someone to maintain a fork and thus undermine the LTS
business.

> I think nobody at Qt will be so irresponsible as to not notify about
> security patches, and I'm certain we will work around this issue,
> to maybe distribute them in a better way for Open Source users.

I can categorically say that security fixes *to* *Qt* will not be affected. Qt
Project Security Policy has not changed.

Security fixes to third-party components found inside Qt that have an
equivalent -system-xxx option on configure are not covered by the Security
Policy. We have not and do not plan to make Qt releases or publish security
advisories about them. All users of Qt are required to directly monitor these
dependencies and update as needed (I highly recommend ALWAYS using
-system-xxx[1]).

If TQtC wants to offer an additional service to their commercial users on
doing that monitoring and updating, it's up to them.

[1] note how the binary downloads don't use them due to DLL hell and other
issues. I really recommend rebuilding everything from sources for your
official releases.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products