Hi, Short after Qt 6.8.2 was released I reported https://bugreports.qt.io/browse/QTBUG-133397
The issues is that the submodule qttools/src/assistant/qlitehtml <https://code.qt.io/cgit/qt/qttools.git/tree/.gitmodules?h=6.8.2> is using a relative path: ../../playground/qlitehtml.git Because of qtlitehtml repo is under playground/ and not under qt/ directory, this relative path is meaningless almost everywhere except on code.qt.io. In particular on github.com, it points to https://github.com/playground/qlitehtml.git The issue is that anyone controlling the https://github.com/playground account is able to have Qt users checkout their own qlitehtml repo, with potentially malicious changes. Luckily for now the repo https://github.com/playground/qlitehtml.git does not exist and the cloning process fails (which is already bad on its own). Right now I would advocate for moving qlitehtml repo from playground to qt and take proper action so that developers cloning Qt from github.com, or other online git services, do not end up cloning repos from random 3rd parties. In the long term, there should be rules and checks put in place to ensure submodules in qt repos do not use relative urls to points to repos outside of the qt/ directory. Regards, Benjamin Terrier
-- Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development