Introducing the Qt WebEngine
Posted Sep 18, 2013 17:15 UTC (Wed) by khim
In reply to: Introducing the Qt WebEngine
Parent article: Introducing the Qt WebEngine
Any upstream projects *do not* do even a remotely reasonable job of dealing with what they bundle
…but they do a reasonable job of dealing with their own code? Sorry, but I don't buy that. If project bundles bunch of libraries and then does not update them when vulnerabilities are found in these libraries then why do you believe it'll deal correctly with vulnerabilities of the code of the project itself?
zlib fiasco was the reason why distributions started focusing on unbundling in the first place
This was natural knee-jerk reaction but it only made situation worse. Now developers should cope with changes in API instead of doing a remotely reasonable job of dealing with what they bundle. Result is basically a system which is neither secure nor stable.
to post comments)