On Tuesday, 25 June 2019 18:08:28 PDT Thiago Macieira wrote: > > Are you worried about the lack of security patches? I can see how that > > matters for an ordinary browser implemented with Qt, but for Assistant > > and Creator that exclusively display locally installed generated > > compressed help files, security concerns are a lot lower. > > Sure, but the fact that Qt Creator is using it could lead people to trying > for a web browser. > > Not to mention that even if Qt's help documents are safe, other documents > you may want to view may not be so.
Actually, let me be even more clear: shipping software with known security issues that have been fixed elsewhere is unacceptable. Please don't try to say "but this code isn't used in this application", it's very hard to prove that and obtain security exceptions in many companies. At Intel, we simply can't. If Qt Creator begins depending on a version of a web engine that has open security issues whose fixes are available but not applied, we cannot ship it in our Linux distribution (Clear Linux). Other Linux distributions may have similar policies. If the affected code isn't exercised, please prove so by removing the code from the build. This is usually more effort than applying the fix. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel System Software Products _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development