[Development] Commercial-only LTS phase starts: Closing the 5.15 branch(es) on 5th January
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Tue Jan 12 11:46:23 CET 2021
On 05/01/2021 20:35, Thiago Macieira wrote:
>> 1) 3rd parties not getting updated for security bugs
> Non-issue. Qt does not update the third-party content because of security
> issues in that content itself and does not issue advisories for bundled third-
> party. Only when Qt's use of that third-party is a security issue.
>
> You should subscribe to the advisory feed for each and every third party you
> use in your code and update as needed.
>
So why do we even ship 3rd parties with Qt in the current form if we
can't be bother to update them promptly (for bug fixes, security fixes,
and the like)? Wouldn't it be better to just provide a script (cmake's
external project, recipe, conan build file, vcpkg, choco, WHATEVER) so
that the user can download the latest version of 3rd parties
automatically? Or just NOT provide them and push the problem onto the user?
My 2 c,
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4329 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.qt-project.org/pipermail/development/attachments/20210112/dc273ddb/attachment.bin>
More information about the Development
mailing list