Introducing the Qt WebEngine
Posted Sep 13, 2013 17:00 UTC (Fri) by khim
In reply to: Introducing the Qt WebEngine
Parent article: Introducing the Qt WebEngine
If you use third-party libraries based on upstream versions, packaged in most distros, you don't have to worry that much about bug and security updates. You just need to mainly care about your own unique software.
This only works if all distributions carry the same version of the library and don't introduce any changes (or at least introduce similar changes). Which is not true in practice.
From a security and maintenance perspective, from Google's point of view, should give far less hassle and less maintenance work in the long term perspective.
Nope. Today Google deals with exactly one version of each bundled library. You are asking it to deal with a bazillion versions floating around. How exactly is it “far less hassle and less maintenance work”?
I suspect most users don't care about that, they just want a safe product which works and gets the job done well.
Right. But the best security is achieved not when distributions are doing updates and not when Google is doing updates but when the most diligent party is doing updates. Do you have any studies which show that Google is doing a worse job than, e.g., Debian or Ubuntu? Or are you just assuming that a small group of people which supports tens of thousands of packages does a better job than a larger group which deals with hundreds of packages?
And if more projects do this as well, then you can really end up in a fun scenario where some of your applications are more vulnerable than others - based on which versions they bundle.
Sure. But said “fun scenario” is actually more secure than other scenarios if developers of applications which bundle some libraries are more diligent than distribution maintainers.