Allen Winter wrote:
> So, we are ok with Andreas' hackery inside KTcpSocket. The only problem
> occurs if someone tries to use QSslSocket directly. But I don't think
> we need to worry about that much.. or do we?

No, we don't. Using QSslSocket bypasses all KDE SSL settings. No application is supposed to do that, as it also may pose a security risk (do all such application authors know how to read the SSL settings and disable the insecure keys that we disable in KDE?).

> Or, maybe Qt4.3.4 will be released in the next 1-2 days, including this
> patch, and we can require that.

Not going to happen. The Qt 4.3.4 release is scheduled for the end of January. Even if I started the release process the day I come back to the office (Tuesday 8th), it takes at least one week and a half to get all tests done on all platforms (as per our release procedures). So the soonest for the release is actually the day I leave for Mountain View.

In any case, I see that Andreas has committed a workaround already. Given the severity of this issue and the relatively simple patch required to fix it, I can backport it and include it in Qt 4.3.4 if it's of use.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
