[Interest] Qt free software policy
Thiago Macieira
thiago.macieira at intel.com
Wed Aug 14 22:28:17 CEST 2019
On Wednesday, 14 August 2019 13:18:12 PDT André Pönitz wrote:
> On Wed, Aug 14, 2019 at 12:57:27PM -0700, Thiago Macieira wrote:
> > On Wednesday, 14 August 2019 12:09:02 PDT Roland Hughes wrote:
> > > If you do not need the latest bells and whistles, drop back to Qt 4.8
> >
> > No, don't. That is not receiving security fixes.
>
> To make this a valid line of reasoning you would need to provide
> an overview on what kind of issues have been found and fixed, what
> issues have been introduced, found and fixed, and estimates on
> what kind of issues have not been found so far, and perhaps even
> on the impact those issues have on typical usage patterns.

We get a division by zero. So I can claim 100% of the issues found weren't
fixed and be correct :-)

More seriously, the fact that no one is even checking to see if there are or
have been any issues is sufficient reason to declare it insecure.

Do not use insecure software.

Stop using Qt 4.8 right now.
Stop using Python2 by the end of the year.
Stop using OpenSSL 1.0 by the end of the year.

PS: Qt 5.12 will switch to OpenSSL 1.1 in the binary builds.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products