[Development] New Qt vulnerabilities

The Qt security team was made aware of two issues affecting the currently- released versions of Qt that could lead to loading of untrusted plugins, which can execute code immediately upon loading. We have assigned two IDs for them. The patches fixing those issues are linked to below. Issue 1)

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 16:55:18 PST Thiago Macieira wrote: > That's because we're sloppy and haven't done a proper job. The security > advisory was supposed to go out at the same time as the Qt 5.14.1 release > announcement. But the release announcement went out without the security >

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 08:10:23 PST Robert Loehning wrote: > [1] wasn't mentioned anywhere on qt.io and I didn't notice it on > annou...@qt-project.org, either. > > [2] was mentioned in a blog post, but I could not find any public steps > for reproducing the issue, so one cannot test

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 13:55:49 PST Alejandro Exojo wrote: > If we don't have this, we could end up with random projects on > Gitlab/Github, with custom cherry picks from dev applied, and the community > effort wasted because it's just plain hard to coordinate for an effort like > this

Re: [Development] Changes to Qt offering

On Thu, 30 Jan 2020 at 13:01, Oswald Buddenhagen wrote: > > On Wed, Jan 29, 2020 at 11:40:46PM +0100, Filippo Cucchetto wrote: > >Maybe you didn't get it but i meant to both put a reasonable price for > >a commercial license (500$) and turning everything GPL or commercial. > >Making everything

Re: [Development] Changes to Qt offering

On Wed, Jan 29, 2020 at 11:40:46PM +0100, Filippo Cucchetto wrote: Maybe you didn't get it but i meant to both put a reasonable price for a commercial license (500$) and turning everything GPL or commercial. Making everything GPL forces all LGPL to buy a commercial license. This obviously

Re: [Development] Changes to Qt offering

Il 29/01/20 23:40, Filippo Cucchetto ha scritto: Let's be clear, here all people are just telling their own opinions (you too) and i'm not pretending to be correct. I've no proof but: first, the offer announced here is of 499$ thus not very different from the one i've stated, second i've pointed

Re: [Development] Changes to Qt offering

> Just because it seems like a good price for you doesn't mean it's a good > price. Reducing the licence price to one tenth what it is today could mean the > revenues for the company reduce to one tenth too, which means the development > team might need to reduce to around one tenth what it is.

Re: [Development] Changes to Qt offering

On Thu, Jan 30, 2020 at 12:22 AM Matthew Woehlke wrote: > Aside from issues with Patreon's reputation I was not aware of such, but I'm going to take your word for it. > Besides, I was thinking more along the lines of something that could > integrate with other OSS tools (e.g. GitHub). >

Re: [Development] Changes to Qt offering

I personally want a goal oriented fundraiser model. Like "revamp qtwidgets", "do a round of serious bugfixes in qml" etc On Thu, Jan 30, 2020 at 1:23 AM Matthew Woehlke wrote: > On 29/01/2020 17.13, Konstantin Shegunov wrote: > > On Wed, Jan 29, 2020 at 11:55 PM Matthew Woehlke wrote: > >> We

Re: [Development] Changes to Qt offering

On 29/01/2020 17.13, Konstantin Shegunov wrote: > On Wed, Jan 29, 2020 at 11:55 PM Matthew Woehlke wrote: >> We need more open-source-meets-kickstarter... > > ehm, Patreon? Aside from issues with Patreon's reputation, there's a reason I wrote "kickstarter". I can't think of any instance where

Re: [Development] Changes to Qt offering

On Wed, Jan 29, 2020 at 11:55 PM Matthew Woehlke wrote: > We need more open-source-meets-kickstarter... > ehm, Patreon? ___ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development

Re: [Development] Changes to Qt offering

On 29/01/2020 12.12, Konrad Rosenbaum wrote: > BTW: in the past I would have convinced one of my customers to buy > support for the Open Source version if it had been available. If there > was a simple possibility to buy a single support incident (say, for > 100Euros) I would even do this

Re: [Development] Changes to Qt offering

> You have absolutely no information on how elastic the Qt commercial price is, so kindly don't speculate on what price would be good. Let me pipe in about what people think of Qt's licensing model. I won't call names but I've been contacted just today by someone who has been legally bullied by

Re: [Development] Changes to Qt offering

On 20/01/29 04:02, Volker Hilsheimer wrote: [snip] > I wonder where all this love for the Qt installer comes from. I personally > consider “sudo apt-get install -y qtcreator” or “brew install qt-creator” or > “choco install qtcreator" to be vastly superior to using the installer UI, > and very

Re: [Development] Changes to Qt offering

On 20/01/29 10:39, ekke wrote: > Am 29.01.20 um 09:57 schrieb Cristián Maureira-Fredes: > > > > I really want to believe that the new startup price is the beginning > > of having ad-hoc pricing for everyone, and hopefully in the future > > we can also see "medium-size company prices" or > >

Re: [Development] Changes to Qt offering

On 2020-01-29 17:02, Volker Hilsheimer wrote: You obviously don’t trust that TQtC will treat the data the online-installer either demands or requires with the appropriate confidence. So, shouldn't you build Qt from sources? Your IP address is PII, after all. Why did you trust that The Qt

Re: [Development] Changes to Qt offering

Hi, On 2020-01-29 09:52, Cristián Maureira-Fredes wrote: I understand the video is an exaggeration, Is it? I found it was pretty much bang on. Even for Qt: I just counted - it took me 5 clicks, most of them not very intuitive, to download the Qt installer I currently need (Linux 32bit on a

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 00:52:00 PST Cristián Maureira-Fredes wrote: > Since TQtC has commercial costumers, we will internally fork > the latest bug fix release, and will start adding patches on > top of that on request of the costumers, but hey! all those > patches will be on Gerrit, so if

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 00:25:22 PST Filippo Cucchetto wrote: > Qt should find a good balance between licensing costs and investors. > Taking JetBrains as an example of similar (profitable) company you can see > that for a single developer all their tools suite costs 600 euros yearly >

Re: [Development] Changes to Qt offering

On 28/01/2020 22.27, Thiago Macieira wrote: > On Tuesday, 28 January 2020 08:09:00 PST Matthew Woehlke wrote: >> I agree... somewhat. Where I disagree is that I would go even further >> and suggest rethinking their entire business model. Maybe look at >> companies with a strong and successful open

Re: [Development] Changes to Qt offering

On 29/01/20 19:02, Volker Hilsheimer wrote: > You obviously don’t trust that TQtC will treat the data the online-installer > either demands or requires with the appropriate confidence. So, shouldn't you > build Qt from sources? Your IP address is PII, after all. Why did you trust > that The Qt

Re: [Development] Changes to Qt offering

On Wed, 29 Jan 2020 at 17:02, Volker Hilsheimer wrote: > > On 29 Jan 2020, at 15:20, Benjamin TERRIER wrote: > > On Wed, 29 Jan 2020 at 14:10, Cristián Maureira-Fredes < > cristian.maureira-fre...@qt.io> wrote: > >> > >> but for Windows/macOS this might have three solutions (maybe more): > >> -

Re: [Development] Changes to Qt offering

On Wednesday, 29 January 2020 01:09:25 PST Nicolas Arnaud-Cormos via Development wrote: > Hi Thiago, > > On 29/01/2020 04:25, Thiago Macieira wrote: > > The source code on download.qt.io remains anonymously accessible. > > How do you know that? > What would prevent The Qt Company to use Qt

Re: [Development] Changes to Qt offering

On 29/01/2020 17:02, Volker Hilsheimer wrote: On 29 Jan 2020, at 15:20, Benjamin TERRIER wrote: On Wed, 29 Jan 2020 at 14:10, Cristián Maureira-Fredes wrote: but for Windows/macOS this might have three solutions (maybe more): - Using package managers that provide Qt, - Download and compile

Re: [Development] Changes to Qt offering

On 28/01/2020 11.37, Volker Hilsheimer wrote: > The Qt Company is a public company ...well, that may not be helping. How many of the shareholders both care about the community and are sufficiently involved to make those feelings known? > Given how significant the Qt Company contribution to Qt

Re: [Development] Changes to Qt offering

Am 29.01.20 um 09:52 schrieb Cristián Maureira-Fredes: > I think nobody at Qt will be so irresponsible of not notifying > security patches, and I'm certain we will work around this issue, > to maybe distributed in a better way for Open Source users. Hi Cristián, what exactly do you consider a

Re: [Development] Changes to Qt offering

> On 29 Jan 2020, at 15:20, Benjamin TERRIER wrote: > On Wed, 29 Jan 2020 at 14:10, Cristián Maureira-Fredes > wrote: >> >> but for Windows/macOS this might have three solutions (maybe more): >> - Using package managers that provide Qt, >> - Download and compile Qt by themselves, >> - Create

Re: [Development] Forgot your Qt Account password?

It appears that somebody thought it would be funny to create a Qt Account with the development@qt-project.org email address. Qt Account Support folks, "please delete the account" ;-) Simon From: Development on behalf of Khuram Ali via Development Sent:

Re: [Development] Forgot your Qt Account password?

On Wed, 2020-01-29 at 14:07 +, Khuram Ali via Development wrote: > Hi,  > > I haven't requested to reset my Qt Account password. It seems some > malicious attempt. Please advise. thank you! I got it too. Everyone on the mailing list just received it. Kyle

Re: [Development] Changes to Qt offering

On Wed, 29 Jan 2020 at 14:10, Cristián Maureira-Fredes < cristian.maureira-fre...@qt.io> wrote: > > but for Windows/macOS this might have three solutions (maybe more): > - Using package managers that provide Qt, > - Download and compile Qt by themselves, > - Create an account and use the

Re: [Development] Forgot your Qt Account password?

Hi, Someone apparently created a Qt Account for the development@qt-project.org mailing list. Good idea, but we do want the accounts to be individual. Yours, Tuukka From: Development on behalf of Qt Project Development Reply-To: Khuram

Re: [Development] Forgot your Qt Account password?

Have you noticed how it started? > Thank you for creating a Qt Account. Please verify your email address > 'development@qt-project.org' within 72 hours to complete the registration > process I guess it's somebody angry because of mandatory Qt Account policy introduced recently? Best regards,

Re: [Development] Forgot your Qt Account password?

Khuram Ali (29 January 2020 15:07) replied > I haven't requested to reset my Qt Account password. It seems some malicious > attempt. Please advise. thank you! Indeed, this seems to have gone to the whole development list, which looks suspiciously like the 'bot that generated it is doing

Re: [Development] Forgot your Qt Account password?

Hi,  I haven't requested to reset my Qt Account password. It seems some malicious attempt. Please advise. thank you! Regards,Khuram Ali -Original Message- From: The Qt Company To: development Sent: Wed, Jan 29, 2020 3:04 pm Subject: [Development] Forgot your Qt Account password? Hi,

[Development] Forgot your Qt Account password?

Hi, We just received a request to reset the password for your Qt Account. No worries, you can simply make a new one. Just use the link below within 24 hours. https://login.qt.io/reset/w2ntQNBn2UMl6FuTRRi0aZsZoouN9r32 If you did not make this request, you can ignore this notification. You are

[Development] Forgot your Qt Account password?

Hi, We just received a request to reset the password for your Qt Account. No worries, you can simply make a new one. Just use the link below within 24 hours. https://login.qt.io/reset/tekxnyI306EhfRgKcvqRqGh5Oji0mbtI If you did not make this request, you can ignore this notification. You are

Re: [Development] Changes to Qt offering

On Wed, 2020-01-29 at 13:44 +, Cristián Maureira-Fredes wrote: > Hey Kyle, > > thanks for your answer, > out of curiosity, are there some past business models > that failed inside Kitware? or it has been support only since > the beginning? > > What I'm trying to find out is that if maybe

[Development] Qt Account email verification needed

Hi, Thank you for creating a Qt Account. Please verify your email address 'development@qt-project.org' within 72 hours to complete the registration process. Verify now: https://login.qt.io/confirm/kRfT9pEBSXpSQktLYTB7OW0lwURC6g5c If you did not create this account, please ignore this request.

Re: [Development] Changes to Qt offering

On 1/29/20 2:27 PM, Kyle Edwards via Development wrote: > On Wed, 2020-01-29 at 08:20 +0100, Elvis Stansvik wrote: >> Just want to add here: Even if CMake is probably the Kitware project >> with the largest number of users if counting developers, I don't >> think >> it's their flagship product.

Re: [Development] Changes to Qt offering

On Wed, 2020-01-29 at 08:20 +0100, Elvis Stansvik wrote: > Just want to add here: Even if CMake is probably the Kitware project > with the largest number of users if counting developers, I don't > think > it's their flagship product. That would be the VTK framework (2500 > classes, 1 MLoC) and

Re: [Development] Changes to Qt offering

On 1/29/20 2:01 PM, Andras Mantia via Development wrote: > Hi, > > On Wednesday, January 29, 2020 2:25:40 PM EET Cristián Maureira-Fredes wrote: >> This is nothing new Giuseppe, >> people actively using Qt will have Qt accounts because they either >> use our JIRA, and also Gerrit, son for those

Re: [Development] Changes to Qt offering

On 1/29/20 10:36 AM, Giuseppe D'Angelo via Development wrote: > Il 29/01/20 09:52, Cristián Maureira-Fredes ha scritto: >> >> Currently, you can create a Qt Account with your email >> and a password, when you received the email, you confirm by clicking on >> the link, and then you can optionally

Re: [Development] Changes to Qt offering

Hi Alberto, No, that is not the plan. For open-source user all releases are to be similar. New patch releases come until the next feature release is out. For commercial license holders, there will be additional patch releases available for selected Qt versions (Qt 5.15, Qt 6.2, ...) Yours,

Re: [Development] Changes to Qt offering

On 29/01/20 13:02, Edward Welbourne wrote: > Clarification: we'll be moving to "all commits land first on dev and are > cherry-picked out to other branches that need them" in place of our > present merge-based module. Where Cristián says "all those patches will > be on Gerrit", they'll be on dev

Re: [Development] Changes to Qt offering

" will the owners of a commercial license be given access to the branch? " => Yes. Yours, Tuukka On 29.1.2020, 13.21, "Giuseppe D'Angelo via Development" wrote: Hi, Il 29/01/20 11:02, Edward Welbourne ha scritto: > They'll be cherry-picked > from there to a

Re: [Development] Changes to Qt offering

Hi Antonio, Like the announcement says: "Starting with Qt 5.15, long term support (LTS) will only be available to commercial customers." There is no plan currently to change ongoing Qt 5.9 LTS or Qt 5.12 LTS support period. Qt 5.12 is currently in Strict phase, next step moving to Very

Re: [Development] Changes to Qt offering

Hi, Il 29/01/20 11:02, Edward Welbourne ha scritto: They'll be cherry-picked from there to a (presumably) private branch (maybe on a private repo), so you won't necessarily see the cherry-picked versions, only the dev versions. So any time the cherry-pick requires adaptation to the LTS, those

Re: [Development] Changes to Qt offering

On 27/1/20 15:34, Lars Knoll wrote: > One is a change in policy regarding the LTS releases, where the LTS part of a > release is in the future going to be restricted to commercial customers. All > bug fixes will (as agreed on the Qt Contributor Summit) go into dev first. > Backporting bug fixes

Re: [Development] Changes to Qt offering

Il 29/01/20 09:52, Cristián Maureira-Fredes ha scritto: >> Regarding the LTS decision, you can take it from another point of >> view: 5.15 will only have 2 or 3 bug fixing releases, and so will all >> the LTS versions in the future. Since TQtC has commercial costumers, >> we will internally fork

Re: [Development] Changes to Qt offering

[ disclaimer: I wrote this in the middle of a headache last night, so I hope this is understandable ] On Tue, Jan 28, 2020, at 5:37 PM, Volker Hilsheimer wrote: > Would making Qt cheaper make it more likely that the Qt Company becomes > a sustainable business? Would giving a few licenses out

Re: [Development] Changes to Qt offering

Am 29.01.20 um 09:57 schrieb Cristián Maureira-Fredes: I really want to believe that the new startup price is the beginning of having ad-hoc pricing for everyone, and hopefully in the future we can also see "medium-size company prices" or "freelancer developer licenses", but such decisions

Re: [Development] Changes to Qt offering

Il 29/01/20 09:52, Cristián Maureira-Fredes ha scritto: Currently, you can create a Qt Account with your email and a password, when you received the email, you confirm by clicking on the link, and then you can optionally enter your information. First Name and Last Name are required, but then

Re: [Development] Changes to Qt offering

Hi Thiago, On 29/01/2020 04:25, Thiago Macieira wrote: On Monday, 27 January 2020 23:59:10 PST Christian Gagneraud wrote: And that's really bad news How many wget will get broken? This cannot be true, Lars, tell me that download.qt.io will still work w/o login/password. Please! The source

Re: [Development] Changes to Qt offering

On 1/29/20 9:25 AM, Filippo Cucchetto wrote: > Qt should find a good balance between licensing costs and investors. > Taking JetBrains as an example of similar (profitable) company you can > see that for a single developer all their tools suite costs 600 euros yearly > decreasing to 400 after 3

Re: [Development] Changes to Qt offering

On 1/29/20 8:29 AM, Mathias Hasselmann wrote: > Am 27.01.2020 um 15:34 schrieb Lars Knoll: >> Hi all, >> [snip] >> The second change is that a Qt Account will be in the future required >> for binary packages. Source code will continue to be available as >> currently. This will simplify