[Interest] QtWebkit error while building Qt5.12.7 sources
Konstantin Tokarev
annulen at yandex.ru
Thu Feb 20 00:16:47 CET 2020
20.02.2020, 01:54, "Thiago Macieira" <thiago.macieira at intel.com>:
> On Wednesday, 19 February 2020 09:04:32 PST Konstantin Tokarev wrote:
>> That's correct, most of the work in last year is targeted to a new branch
>> with updated WebKit. However, 5.212 serves its job well, it's compatible
>> with current Qt and is at least is strictly better than 5.9 in terms of
>> bugs, features and security. Of course, it should be used with caution on
>> untrusted content, because of possible security issues.
>
> Strictly better than 5.5, you mean.
No, than https://code.qt.io/cgit/qt/qtwebkit.git/log/?h=5.9
There is no valid use case for 5.5 tags now, as I pointed out in my other reply.
>
> Yes, it is. But that's like saying that an open backyard door in your house is
> better than an open front door. It is, but it's also unacceptably insecure.
>
> I guess that if you control the HTML & JS content, never downloading from the
> network, maybe that's acceptable, though.
If you consider Qt implementation of network stack secure enough [1], downloading
content from server controlled by the same party via HTTPS with proper certificate
validation can be considered secure as well.
Another possible case is use in sufficiently isolated environment or device without
access to sensitive data.
[1] Including dependencies like OpenSSL
--
Regards,
Konstantin
More information about the Interest
mailing list