Re: [Development] Security-relevant 3rd party components bundled with Qt

2023-03-09 Thread Marc Mutz via Development
On 20.09.22 14:47, Volker Hilsheimer wrote: [...] > https://wiki.qt.io/Third_Party_Code_in_Qt [...] Sorry for being late to the discussion, but a wiki page will _always_ be stale. And it cannot answer the question differently for different branches. When we started using SPDX, I thought it was

Re: [Development] Security-relevant 3rd party components bundled with Qt

2023-02-24 Thread Volker Hilsheimer via Development
t Sent: Friday, January 20, 2023 9:58 AM To: development@qt-project.org<mailto:development@qt-project.org> Subject: Re: [Development] Security-relevant 3rd party components bundled with Qt On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development mailto:development@qt-project.org>> wrot

Re: [Development] Security-relevant 3rd party components bundled with Qt

2023-02-22 Thread Kai Köhne via Development
3rd party components bundled with Qt On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development mailto:development@qt-project.org>> wrote: On 20 Sep 2022, at 14:47, Volker Hilsheimer mailto:volker.hilshei...@qt.io>> wrote: […] Those components should then be watched closer, an

Re: [Development] Security-relevant 3rd party components bundled with Qt

2023-01-20 Thread Volker Hilsheimer via Development
On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development wrote: On 20 Sep 2022, at 14:47, Volker Hilsheimer wrote: […] Those components should then be watched closer, and always get updated to the latest version, perhaps even for patch releases. To that end, I’ve started to collect a list

Re: [Development] Security-relevant 3rd party components bundled with Qt

2022-11-01 Thread Volker Hilsheimer via Development
> On 20 Sep 2022, at 14:47, Volker Hilsheimer wrote: […] > Those components should then be watched closer, and always get updated to the > latest version, perhaps even for patch releases. To that end, I’ve started to > collect a list of such components on > >

Re: [Development] Security-relevant 3rd party components bundled with Qt

2022-10-12 Thread Volker Hilsheimer via Development
> On 7 Oct 2022, at 22:08, Robert Löhning via Development > wrote: > > Am 20.09.22 um 14:47 schrieb Volker Hilsheimer: >> Hi, >> Some of the 3rd party components we bundle in Qt are directly involved in >> code paths that are designed to process untrusted data. Following up on the >>

Re: [Development] Security-relevant 3rd party components bundled with Qt

2022-10-07 Thread Robert Löhning via Development
Am 20.09.22 um 14:47 schrieb Volker Hilsheimer: Hi, Some of the 3rd party components we bundle in Qt are directly involved in code paths that are designed to process untrusted data. Following up on the situation with freetype [1] and the discussion we had during summer [2], it would help

[Development] Security-relevant 3rd party components bundled with Qt

2022-09-20 Thread Volker Hilsheimer
Hi, Some of the 3rd party components we bundle in Qt are directly involved in code paths that are designed to process untrusted data. Following up on the situation with freetype [1] and the discussion we had during summer [2], it would help know which of the 3rd party components we bundle