[Development] Commercial-only LTS phase starts: Closing the 5.15 branch(es) on 5th January
Kai Köhne
Kai.Koehne at qt.io
Tue Jan 12 12:32:14 CET 2021
> -----Original Message-----
> [...]
> So why do we even ship 3rd parties with Qt in the current form if we
> can't be bother to update them promptly (for bug fixes, security fixes, and the like)?
> Wouldn't it be better to just provide a script (cmake's external
> project, recipe, conan build file, vcpkg, choco, WHATEVER) so that the
> user can download the latest version of 3rd parties automatically? Or
> just NOT provide them and push the problem onto the user?
Using a dependency manager is actually the plan: https://bugreports.qt.io/browse/QTBUG-73760 . Last year we looked into Conan for some third-party code, but didn't follow through on it yet, mostly due to just too many other things on the plate ...
Note however, that most of the third-party code we have right now are not standalone libraries that can easily be maintained and built outside of Qt. So https://doc.qt.io/qt-6/licenses-used-in-qt.html will still be a significant list for the foreseeable future, and we should treat security issues in them the same way we treat security issues in Qt code.
Regards
Kai
PS: Giuseppe, something in your mails tells Outlook to only to reply to you personally, and not to the list, even if I use Reply to All. Other mails are not affected...
More information about the Development
mailing list