On 20.09.22 14:47, Volker Hilsheimer wrote:
[...]
> https://wiki.qt.io/Third_Party_Code_in_Qt
[...]
Sorry for being late to the discussion, but a wiki page will _always_ be
stale. And it cannot answer the question differently for different branches.
When we started using SPDX, I thought it was
t
Sent: Friday, January 20, 2023 9:58 AM
To: development@qt-project.org<mailto:development@qt-project.org>
Subject: Re: [Development] Security-relevant 3rd party components bundled with
Qt
On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development
mailto:development@qt-project.org>> wrot
3rd party components bundled with
Qt
On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development
mailto:development@qt-project.org>> wrote:
On 20 Sep 2022, at 14:47, Volker Hilsheimer
mailto:volker.hilshei...@qt.io>> wrote:
[…]
Those components should then be watched closer, an
On 1 Nov 2022, at 09:55, Volker Hilsheimer via Development
wrote:
On 20 Sep 2022, at 14:47, Volker Hilsheimer wrote:
[…]
Those components should then be watched closer, and always get updated to the
latest version, perhaps even for patch releases. To that end, I’ve started to
collect a list
> On 20 Sep 2022, at 14:47, Volker Hilsheimer wrote:
[…]
> Those components should then be watched closer, and always get updated to the
> latest version, perhaps even for patch releases. To that end, I’ve started to
> collect a list of such components on
>
>
> On 7 Oct 2022, at 22:08, Robert Löhning via Development
> wrote:
>
> Am 20.09.22 um 14:47 schrieb Volker Hilsheimer:
>> Hi,
>> Some of the 3rd party components we bundle in Qt are directly involved in
>> code paths that are designed to process untrusted data. Following up on the
>>
Am 20.09.22 um 14:47 schrieb Volker Hilsheimer:
Hi,
Some of the 3rd party components we bundle in Qt are directly involved in code
paths that are designed to process untrusted data. Following up on the
situation with freetype [1] and the discussion we had during summer [2], it
would help
Hi,
Some of the 3rd party components we bundle in Qt are directly involved in code
paths that are designed to process untrusted data. Following up on the
situation with freetype [1] and the discussion we had during summer [2], it
would help know which of the 3rd party components we bundle