Hi, I've been creating https://codereview.qt-project.org/#/c/233962/2 to pin down what I assume is consensus so far. This is an update to QUIP-4 (https://quips-qt-io.herokuapp.com/quip-0004.html), which regulates how we handle Third-Party Components in Qt.
I also added a paragraph that all newly reported known security vulnerabilities in Third-Party Modules should go through the Qt Project security mailing list. Kai PS: Notes from the session at the Qt Contributor Summit are available at https://wiki.qt.io/QtCS2018_Third-Party_Sources_Policy_and_Security > -----Original Message----- > From: Development [mailto:development-bounces+kai.koehne=qt.io@qt- > project.org] On Behalf Of Thiago Macieira > Sent: Monday, June 11, 2018 1:18 PM > To: development@qt-project.org > Subject: Re: [Development] QtCS 2018: Third-party and security policy > > On Monday, 11 June 2018 10:56:42 CEST EXT Eike Ziller wrote: > > If we are about to release Qt Creator with LLVM/Clang 6.0, and > > LLVM/Clang > > 6.1 is released, this has good chances to introduce bugs. Aside from > > that, updating the binaries that we ship is an effort, since they are > > profile optimized etc etc. If instead LLVM/Clang 7.0 should be > > released, Qt Creator might not even compile anymore. The probability > > that some functionality is broken increases even more. After we fix > > all these issues (it’s 1-2 weeks later now than the original schedule), a > > new > version of sqlite is released. > > Good point about chasing a moving target. > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel Open Source Technology Center > > > > _______________________________________________ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development