Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Marco Bubke]

The Sqlite module is not a plugin but a library. It is linked to a plugin but 
this plugin is not build in release and normally disabled.
Like I said, it can be simply not build for release. Please stick to KISS.

On June 8, 2018 16:30:19 Edward Welbourne  wrote:

> Marco Bubke (7 June 2018 19:37) wrote:
>> AFAIK the refactoring plugin is disabled for release. Just do the same for 
>> the Sqlite library.
>
> Probably better to do as Thiago said:
>
> On June 7, 2018 23:54:43 Thiago Macieira  wrote:
>>> So we just need a conditional to disable the building if the refactoring
>>> plugin isn't enabled either.
>
> or, perhaps more to the point, only enable building of the sqlite plugin
> if (it's explicitly wanted or) something that needs it is enabled,
>
> Eddy.

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Edward Welbourne]

Marco Bubke (7 June 2018 19:37) wrote:
> AFAIK the refactoring plugin is disabled for release. Just do the same for 
> the Sqlite library.

Probably better to do as Thiago said:

On June 7, 2018 23:54:43 Thiago Macieira  wrote:
>> So we just need a conditional to disable the building if the refactoring
>> plugin isn't enabled either.

or, perhaps more to the point, only enable building of the sqlite plugin
if (it's explicitly wanted or) something that needs it is enabled,

Eddy.
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Marco Bubke]

AFAIK the refactoring plugin is disabled for release. Just do the same for the 
Sqlite library.

On June 7, 2018 23:54:43 Thiago Macieira  wrote:

> On Thursday, 7 June 2018 06:56:11 PDT Lisandro Damián Nicanor Pérez Meyer
> wrote:
>> El jueves, 7 de junio de 2018 07:17:10 -03 Marco Bubke escribió:
>> > It is used buy the Clang refactoring plugin, which is not build by
>> > default.
>>
>> But we are still building sqlite3.c by default.
>
> So we just need a conditional to disable the building if the refactoring
> plugin isn't enabled either.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>  Software Architect - Intel Open Source Technology Center
>
>
>
> ___
> Development mailing list
> Development@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Thursday, 7 June 2018 02:19:26 PDT Giuseppe D'Angelo wrote:
> Hi,
> 
> On 07/06/18 05:13, Thiago Macieira wrote:
> > As you may be aware, Intel is taking security VERY seriously and I cannot
> > accept a project I contribute to having any worse policies. Our open
> > source
> > security team also evaluates each project's security policies and they
> > have
> > blacklisted quite a few open source projects from being used in Intel
> > products, so I'd like to make sure Qt continues to comply with the
> > stricter
> > guidelines.
> 
> By any chance, are these guidelines public?

No. I can summarise and paraphrase, though. It basically it boils down to 
"releases frequently and has a security team", which is fine for most 
projects.

My gripe is with the third party content we have inside Qt, which throws a 
wrench into the gears. Intel products MUST use the latest release and follow 
all the security guidelines for all software it's using, so those bundled 
third-party hide releases and security notices that are relevant. This is what 
I want to discuss: how can we make sure we don't cause our users to use known-
insecure software because we haven't updated our third-party content.

For that reason, my current advice to ANY software using Qt is to never use 
any of the bundled third-party (always use system libraries). Note how this 
means "don't ever use the pre-built binaries from download.qt.io"...

PS: I realise I am guilty of the thing I am accusing of too. TinyCBOR, just 
merged into 5.12, cannot be used as a system library as it stands. I had 
planned on having sufficient time to finish the API for 0.6 before the Qt 5.12 
release, but it doesn't look like it.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Thursday, 7 June 2018 06:56:11 PDT Lisandro Damián Nicanor Pérez Meyer 
wrote:
> El jueves, 7 de junio de 2018 07:17:10 -03 Marco Bubke escribió:
> > It is used buy the Clang refactoring plugin, which is not build by
> > default.
> 
> But we are still building sqlite3.c by default.

So we just need a conditional to disable the building if the refactoring 
plugin isn't enabled either.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Lisandro Damián Nicanor Pérez Meyer]

El jueves, 7 de junio de 2018 07:17:10 -03 Marco Bubke escribió:
> It is used buy the Clang refactoring plugin, which is not build by default.

But we are still building sqlite3.c by default.


-- 
Los chicos tienen un mayor dominio de la tecnología (y las habilidades y
lenguaje que eso implica) que los adultos con los que se relacionan. Por lo
general saben más que sus propios padres, sus docentes, sus pediatras,
psicólogos, que los políticos y funcionarios de sus comunidades. Eso afectó la
autoridad que tenía un adulto para habilitar al mundo.
  Luis Pescetti
  http://www.luispescetti.com/regale-su-obra/

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Marco Bubke]

It is used buy the Clang refactoring plugin, which is not build by default. So 
I see no urgency in it except it will break it. Let's discuss it if I am back.

On June 7, 2018 15:06:57 Thiago Macieira  wrote:

> On Wednesday, 6 June 2018 23:52:35 PDT Marco Bubke wrote:
>> Hi
>>
>> I am on vacation till end of July, I am looking forward to discuss it in
>> August.
>
> Sure. Meanwhile, can we apply Lisandro's patch?
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>  Software Architect - Intel Open Source Technology Center
>
>
>
> ___
> Development mailing list
> Development@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Giuseppe D'Angelo]

Hi,

On 07/06/18 05:13, Thiago Macieira wrote:

As you may be aware, Intel is taking security VERY seriously and I cannot
accept a project I contribute to having any worse policies. Our open source
security team also evaluates each project's security policies and they have
blacklisted quite a few open source projects from being used in Intel
products, so I'd like to make sure Qt continues to comply with the stricter
guidelines.


By any chance, are these guidelines public?

Thanks,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts



smime.p7s
Description: S/MIME Cryptographic Signature
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Wednesday, 6 June 2018 23:52:35 PDT Marco Bubke wrote:
> Hi
> 
> I am on vacation till end of July, I am looking forward to discuss it in
> August.

Sure. Meanwhile, can we apply Lisandro's patch?

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Marco Bubke]

Hi

I am on vacation till end of July, I am looking forward to discuss it in August.

Best regards, Marco

On June 7, 2018 11:13:24 Thiago Macieira  wrote:

> On Wednesday, 6 June 2018 19:57:55 PDT Thiago Macieira wrote:
>> On Wednesday, 6 June 2018 19:09:00 PDT Lisandro Damián Nicanor Pérez Meyer
>>
>> wrote:
>> >  - Is it worth the trade off considering it makes finding security bugs
>> >  more
>> >
>> > complicated?
>>
>> We're not supposed to find or fix sqlite security issues. We get them from
>> upstream and upstream supports the single-file build style.
>
> Actually, this is a very important subject, so I just added a session to the
> QtCS program next week to discuss it.
>
> As you may be aware, Intel is taking security VERY seriously and I cannot
> accept a project I contribute to having any worse policies. Our open source
> security team also evaluates each project's security policies and they have
> blacklisted quite a few open source projects from being used in Intel
> products, so I'd like to make sure Qt continues to comply with the stricter
> guidelines.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>  Software Architect - Intel Open Source Technology Center
>
>
>
> ___
> Development mailing list
> Development@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development

___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Tim Jenssen]

I try to forward this message, but he is at a long vacation trip. So it could 
take a while.


Outlook for Android herunterladen


From: Development  on 
behalf of Thiago Macieira 
Sent: Thursday, June 7, 2018 5:13:07 AM
To: development@qt-project.org
Subject: Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow 
to build with system's SQLite

On Wednesday, 6 June 2018 19:57:55 PDT Thiago Macieira wrote:
> On Wednesday, 6 June 2018 19:09:00 PDT Lisandro Damián Nicanor Pérez Meyer
>
> wrote:
> >  - Is it worth the trade off considering it makes finding security bugs
> >  more
> >
> > complicated?
>
> We're not supposed to find or fix sqlite security issues. We get them from
> upstream and upstream supports the single-file build style.

Actually, this is a very important subject, so I just added a session to the
QtCS program next week to discuss it.

As you may be aware, Intel is taking security VERY seriously and I cannot
accept a project I contribute to having any worse policies. Our open source
security team also evaluates each project's security policies and they have
blacklisted quite a few open source projects from being used in Intel
products, so I'd like to make sure Qt continues to comply with the stricter
guidelines.

--
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Wednesday, 6 June 2018 19:57:55 PDT Thiago Macieira wrote:
> On Wednesday, 6 June 2018 19:09:00 PDT Lisandro Damián Nicanor Pérez Meyer
> 
> wrote:
> >  - Is it worth the trade off considering it makes finding security bugs
> >  more
> > 
> > complicated?
> 
> We're not supposed to find or fix sqlite security issues. We get them from
> upstream and upstream supports the single-file build style.

Actually, this is a very important subject, so I just added a session to the 
QtCS program next week to discuss it.

As you may be aware, Intel is taking security VERY seriously and I cannot 
accept a project I contribute to having any worse policies. Our open source 
security team also evaluates each project's security policies and they have 
blacklisted quite a few open source projects from being used in Intel 
products, so I'd like to make sure Qt continues to comply with the stricter 
guidelines.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Wednesday, 6 June 2018 19:09:00 PDT Lisandro Damián Nicanor Pérez Meyer 
wrote:
>  - Is it worth the trade off considering it makes finding security bugs more
> complicated?

We're not supposed to find or fix sqlite security issues. We get them from 
upstream and upstream supports the single-file build style.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Lisandro Damián Nicanor Pérez Meyer]

El miércoles, 6 de junio de 2018 22:22:35 -03 Thiago Macieira escribió:
> On Wednesday, 6 June 2018 16:44:02 PDT Lisandro Damián Nicanor Pérez Meyer
> 
> wrote:
> > Hi! As neither the bug, the proposed patch or the pings have been
> > replied I'm hereby pinging Marco Bubke or someone else who might take
> > a look at this.
> 
> Also, please explain why it isn't using QtSql.

I also notd that SQLite was embedded in the source as a single file because 
"compilers can better optimize it".
 - Is this benchmarked?
 - Is it worth the trade off considering it makes finding security bugs more 
complicated?

-- 
El futuro es WIN95 A no ser que hagamos algo a tiempo.

Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/


signature.asc
Description: This is a digitally signed message part.
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Re: [Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Thiago Macieira]

On Wednesday, 6 June 2018 16:44:02 PDT Lisandro Damián Nicanor Pérez Meyer 
wrote:
> Hi! As neither the bug, the proposed patch or the pings have been
> replied I'm hereby pinging Marco Bubke or someone else who might take
> a look at this.

Also, please explain why it isn't using QtSql.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

[Development] Pinging Marco Bubke for QTCREATORBUG-20401 - Allow to build with system's SQLite

[Lisandro Damián Nicanor Pérez Meyer]

Hi! As neither the bug, the proposed patch or the pings have been
replied I'm hereby pinging Marco Bubke or someone else who might take
a look at this.

Thanks!

-- 
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
___
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development