Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-11-04 Thread Volker Hilsheimer via Development
> On 4 Nov 2024, at 12:39, Volker Hilsheimer via Development > wrote: >> On 19 Aug 2024, at 14:12, Dimitrios Apostolou via Development >> wrote: >> >> Reminder that this QUIP is still open for feedback: >> >> https://codereview.qt-project.org/c/meta/quips/+/575276 >> >> Concerns have been ad

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-11-04 Thread Volker Hilsheimer via Development
> On 19 Aug 2024, at 14:12, Dimitrios Apostolou via Development > wrote: > > Reminder that this QUIP is still open for feedback: > > https://codereview.qt-project.org/c/meta/quips/+/575276 > > Concerns have been addressed and further feedback is welcome here or on > codereview. > > Regards

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-08-19 Thread Dimitrios Apostolou via Development
Reminder that this QUIP is still open for feedback: https://codereview.qt-project.org/c/meta/quips/+/575276 Concerns have been addressed and further feedback is welcome here or on codereview. Regards, Dimitris -- Development mailing list Development@qt-project.org https://lists.qt-project.or

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-11 Thread Volker Hilsheimer via Development
> On 11 Jul 2024, at 15:51, Giuseppe D'Angelo wrote: > > On 11/07/2024 15:21, Volker Hilsheimer wrote: >> For many APIs, application code provides the data (perhaps indirectly), >> e.g. to QDateTime::fromString. In that case we can assume that the >> application had at least some chance to scru

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-11 Thread Giuseppe D'Angelo via Development
On 11/07/2024 15:21, Volker Hilsheimer wrote: For many APIs, application code provides the data (perhaps indirectly), e.g. to QDateTime::fromString. In that case we can assume that the application had at least some chance to scrub the input, or at the very least control where that string comes fr

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-11 Thread Volker Hilsheimer via Development
> On 11 Jul 2024, at 13:26, Giuseppe D'Angelo via Development > wrote: > > On 10/07/2024 19:08, Kai Köhne via Development wrote: >> That's a lot of questions. But a lot comes down to: Can we agree on parts of >> Qt that are more critical and, therefore, should be subject to additional >> secur

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-11 Thread Tuukka Turunen via Development
Giuseppe D'Angelo via Development Date: Thursday, 11. July 2024 at 14.30 To: development@qt-project.org Subject: Re: [Development] Proposing QUIP-23: Qt-Security header in source code files On 10/07/2024 19:08, Kai Köhne via Development wrote: > That's a lot of questions. But a lot

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-11 Thread Giuseppe D'Angelo via Development
On 10/07/2024 19:08, Kai Köhne via Development wrote: That's a lot of questions. But a lot comes down to: Can we agree on parts of Qt that are more critical and, therefore, should be subject to additional security (in terms of approvers, coding standards, fuzzing ...)? And can we then document

Re: [Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-10 Thread Kai Köhne via Development
From: Development on behalf of Dimitrios Apostolou via Development Sent: Wednesday, July 10, 2024 1:06 To: development@qt-project.org Subject: [Development] Proposing QUIP-23: Qt-Security header in source code files Hello list, on behalf of the Qt Company, I would like to

[Development] Proposing QUIP-23: Qt-Security header in source code files

2024-07-09 Thread Dimitrios Apostolou via Development
Hello list, on behalf of the Qt Company, I would like to propose a new single-line comment header for the Qt source code. The syntax is: // Qt-Security score:N reason:some-reason [labels:label1,label2] The idea is to mark files with code where bugs are more likely to cause security issues