On 05/01/2021 20:35, Thiago Macieira wrote:
1) 3rd parties not getting updated for security bugs

Non-issue. Qt does not update the third-party content because of security issues in that content itself and does not issue advisories for bundled third-party. Only when Qt's use of that third-party is a security issue.

You should subscribe to the advisory feed for each and every third party you use in your code and update as needed.

So why do we even ship 3rd parties with Qt in the current form if we can't be bothered to update them promptly (for bug fixes, security fixes, and the like)? Wouldn't it be better to just provide a script (cmake's external project, recipe, conan build file, vcpkg, choco, WHATEVER) so that the user can download the latest version of 3rd parties automatically? Or just NOT provide them and push the problem onto the user?

My 2 c,
--
Giuseppe D'Angelo | [email protected] | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
_______________________________________________
Development mailing list
[email protected]
https://lists.qt-project.org/listinfo/development
