On 30/04/16 12:22, "Development on behalf of Richard Moore" <development-bounces+lars.knoll=qt...@qt-project.org on behalf of r...@kde.org> wrote:



On 29 April 2016 at 20:14, Allan Sandfeld Jensen <k...@carewolf.com> wrote:
On Friday 29 April 2016, Thiago Macieira wrote:
> See https://lists.clearlinux.org/pipermail/dev/2016-April/000290.html
>
> This is yet another reason we have to stop bundling third party components,
> especially the image and movie formats.
>
> So I recommend dropping the libtiff 3rdparty component and keep the plugin
> for when the system library is found. Our binaries should not include
> libqtiff.

Well, on Linux these libraries are nicely available on the system. But it does 
not help us on Windows, where we do have to ship these libraries if we want to 
provide something that's easy to use for our users/customers.

So while I don't like us having copies of these libraries in our repositories, 
not shipping any support for these image formats in our packages is not a good 
option either.

Do you have any citations for these issues? TIFF is a pretty important format
being the raw format of many if not most digital cameras. It also isn't a web
format so the vectors of potential attacks are limited.

Isn't commonly used on the web, and can't be used on the web are different. Do 
we have code that prevents such usage? I'm not aware we even have an API to 
limit the set of image format plugins that would get loaded.

No, there's currently no option to limit the image formats that are being 
loaded apart from not shipping the plugin.

Cheers,
Lars

_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development
