On Wednesday, 27 May 2026 10:39:10 Pacific Daylight Time Ville Voutilainen wrote: > Do you have a guesstimate on how far the existing code would be from > just being promoted as-is?
My feeling it's basically a rewrite from scratch, with security in mind and with far more usability. I simply don't trust the code that is there, because it wasn't written with that in mind, has an extremely limited unit test, and has not been the subject of fuzzing at all. We have never checked what features might be interesting either, so it does a minimum that was required. Zip files aren't that complex, so it's not a huge amount of work. It also gets limited if one uses libarchive instead of attempting to write the parser from scratch and deal with the compression and uncompression. The largest amount of time is probably going to be in writing unit tests (which libarchive can't help us with) and setting up the fuzzer. -- Thiago Macieira - thiago.macieira (AT) intel.com Principal Engineer - Intel DCG - Platform & Sys. Eng.
smime.p7s
Description: S/MIME cryptographic signature
-- Development mailing list [email protected] https://lists.qt-project.org/listinfo/development
