[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Security updates for bundled copies of libraries in Qt
|
From: |
Mark H Weaver |
|
Subject: |
Security updates for bundled copies of libraries in Qt |
|
Date: |
Sun, 02 Aug 2015 15:24:18 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Andreas Enge <address@hidden> writes:
> In any case, feel free to implement a more modular qt, for me
> this is not a priority.
Fair enough, but consider this: IMO, the most severe problem with using
bundled copies of libraries has to do with security updates. We have
yet to develop a security policy, but in my opinion we should not allow
software with known security flaws to remain in Guix for more than a
short time. Either someone must take responsibility for applying
security fixes to a given package, or else that package should be
removed. Does that make sense?
I've been doing my best to apply security fixes to Guix in a timely
fashion -- which turns out to be a big job and I could use more help --
but I'm *not* willing to do the duplicated work of applying the same
fixes to the bundled copies of libraries in Qt. If our Qt packages are
going to use bundled copies of libraries, then someone needs to take
responsibility for applying security updates to those copies.
Any takers?
In the meantime, I honestly have no idea what security holes exist in
our Qt packages, so I've purged all software that depends on Qt from my
system.
Mark
- Re: Qtwebengine, Andreas Enge, 2015/08/02
- Security updates for bundled copies of libraries in Qt,
Mark H Weaver <=