[Development] Removal/deprecation of OpenSSL 1 in Qt
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Thu Dec 7 16:11:40 CET 2023
Il 07/12/23 13:55, Kevin Kofler via Development ha scritto:
> Why is that Qt's problem? Qt does not and cannot check that all security
> updates for all dependencies have been applied, even when using a branch
> supported by upstream, so I do not see why this case would be any different.
Because
1) Qt should never use unsafe 3rdparty dependencies;
2) this is different code from the supported version. We're choosing to
keep and maintain code, in Qt, in order to support a library that has
reached EOL;
3) OpenSSL is by far the most security-sensitive code that we use.
My 2 c,
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - Trusted Software Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4244 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.qt-project.org/pipermail/development/attachments/20231207/c2d1a0c5/attachment.bin>
More information about the Development
mailing list