On 07/12/23 13:55, Kevin Kofler via Development wrote:
> Why is that Qt's problem? Qt does not and cannot check that all security updates for all dependencies have been applied, even when using a branch supported by upstream, so I do not see why this case would be any different.

Because

1) Qt should never use unsafe 3rdparty dependencies;
2) this is different code from the supported version. We're choosing to keep and maintain code, in Qt, in order to support a library that has reached EOL;
3) OpenSSL is by far the most security-sensitive code that we use.

My 2 c,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - Trusted Software Excellence

--
Development mailing list
Development@qt-project.org
https://lists.qt-project.org/listinfo/development