On Wednesday, 27 July 2022 05:20:59 PDT Giuseppe D'Angelo via Development wrote: > Does this mean that the currently available opensource binary downloads > (through the official installer) of Qt 5.15(.2) and 6.2 are affected by > the CVE and will not get fixed? > > Should they just be removed from the online installers?
Follow the same rule as 6.1. If 6.1 is there, then so should 6.2 be. If that one is not there, then remove 6.2 too. There is sense in having access to historical, out-of-support and potentially security-vulnerable software, so long as it's clear that is the case. BTW, this is why we started the discussion on third-parties. If we had freetype as a separate DLL, upgrading that one would solve the problem for everything. -- Thiago Macieira - thiago.macieira (AT) intel.com Cloud Software Architect - Intel DCAI Cloud Engineering _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development