Hello,

On 07/12/2023 09:50, Ville Voutilainen wrote:
Well, this is straightforward in the sense that QNX doesn't support
openssl3 yet.
Dropping OpenSSL1 support is dropping support for TLS on QNX, and we don't
want to do that.

Sure, this is the premise of my mail, revert the change.

What about the rest?

* For how long is QNX going to support OpenSSL 1? Is OpenSSL 3 support on the radar? Is there an online resource showing their commitment at maintaining it? Is there the possibility of just building+shipping OpenSSL 3 outside of what it's provided by the base OS?

* For how long are *we* going to support QNX and OpenSSL 1 on there?

* What about other platforms?

* Can we put this "contract" in the docs?


I don't quite follow why the revert "must" include making OpenSSL1
entirely an opt-in.
That doesn't change anything in how we build our release packages, at
the end of the day.
Innocent users should just build with an OpenSSL3-enabled system.

Innocent users may have their own build scripts that pull OpenSSL 1 and build Qt against that, without realizing that they're playing with fire. We should never expose users to insecure defaults, hence the opt-in flag, and a build error if you ask for autodetection and only OpenSSL 1 is found.

Thank you,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - Trusted Software Excellence

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development

Reply via email to