Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-73277

Use https for downloading

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Not Evaluated
    • None
    • 5.12.0
    • Packaging & Installer
    • None

    Description

      Recently a remote code execution vulnerability in Debian's and Ubuntu's package manager apt was reported. This was only possible because the insecure http is used for downloads.

      As I was told, Qt's installers and MaintenanceTools also still use http for some packages. Instead, https should be used for downloading all metadata and packages.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-123621 Crash or rendering broken when changing tab while a download starts

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Reported
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              releaseteam Qt Release Team
              rlohning Robert Löhning
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes