On Saturday, 9 June 2018 16:38:46 IST EXT Marco Bubke wrote: > So what about some embedded scenario. What is a system library in that > sense. If people ship their own binary it's not part of Qt anymore. So it's > their problem but for the user it's still a problem and by a high > probability you introduced an out dated library. Would it not be better to > ship it as part of Qt in that context to make the life of the embedded > developer easier?
We'll talk about it on Monday, as this is also the case for TinyCBOR. I designed it so it would be #include'd in other sources. > > 3) Qt Project sources receive a patch for a security fix in a library that > > cannot be built as a system library. That's the case of the bundled > > FreeBSD > > sources or TinyCBOR or right now with Qt Creator's sqlite. We do this > > within one week of the fix, even if it is high Summer in Finland. All > > releases after this point will contain the patched version. > > That is a security fix? If there is an securifix for Sqlite but this not > applicable for Qt Creator, should any action be taken? Actually it is hard > to imagine any security related problem in this context. We should follow > here a reasonable instead of a fundamental approach. In that sense we > should distinguish between different Qt Project software packages. Good points for discussion. I'll forego giving my comments now. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development