[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-release-team
Subject: Re: Fwd: Re: SSL, KDE and Qt
From: Allen Winter <winter () kde ! org>
Date: 2007-12-30 23:59:11
Message-ID: 200712301859.11764.winter () kde ! org
[Download RAW message or body]
On Sunday 30 December 2007 18:50:40 Thiago Macieira wrote:
> Allen Winter wrote:
> >So, we are ok with Andreas' hackery inside KTcpSocket. The only problem
> >occurs if someone tries to use QSslSocket directly. But I don't think
> > we need to worry about that much.. or do we?
>
> No, we don't. Using QSslSocket bypasses all KDE SSL settings. No
> application is supposed to do that, as it also may pose a security risk
> (do all such application authors know how to read the SSL settings and
> disable the insecure keys that we disable in KDE?).
>
> >Or, maybe Qt4.3.4 we be released in the next 1-2 days, including this
> > patch, and we can require that.
>
> Not going to happen. The Qt 4.3.4 release is scheduled for the end of
> January.
>
> Even if I started the release process the day I come back to the office
> (Tuesday 8th), it takes at least one week and a half to get all tests
> done on all platforms (as per our release procedures). So the soonest for
> the release is actually the day I leave for Mountain View.
>
> In any case, I see that Andreas has committed a workaround already. Given
> the severity of this issue and the relative simple patch required to fix
> it, I can backport it and include in Qt 4.3.4 if it's of use.
>
Thanks.
I'll revert the qt-copy+patches requirement change.
_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic