On quarta-feira, 27 de abril de 2016 02:10:09 PDT Jake Petroules wrote: > If we can simply update libmng and recompile against the new version then we > should do so immediately!
I still vote for carrying fewer dependencies, especially those that try to read external files and may be used on untrusted files. For each and every 3rdparty dependency we bundle or ship a binary for, we should have a security champion who follows security announcements for that 3rd party source and updates our copy and binaries. Especially for the LTS release. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development