[QGIS-Developer] OSGeo4W Qt and OpenSSL versions

Larry Shaffer larrys at dakotacarto.com
Wed Apr 15 11:37:29 PDT 2020 

Hi Luigi,

On Wed, Apr 15, 2020 at 1:23 AM Luigi Pirelli <luipir at gmail.com> wrote:

> Hi Larry
>
> Usually Jürgen attend issues or feature requests opened in the  OSGeo4W
> track.
>

Sure, but this has to do with QGIS using an outdated SSL library, by way of
Qt. Since upgrading Qt to 5.12.4+ may be a concern for QGIS developers, as
it is a huge dependency with potential for issues upon any upgrade (even
between minor versions), I felt it was worth bringing up here first.

If anyone here knows of a reason why Qt for OSGeo4W should not be upgraded
from 5.11 to 5.12.4+, because of issues this may present in QGIS, please
describe them.

Of course, there may still be packaging reasons or issues blocking an
upgrade of Qt packages (they can be quite time consuming to work with),
However, if there is a significant issue with regards to QGIS, then it
should probably be discussed first.

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota


> Luigi Pirelli
>
>
> **************************************************************************************************
> * LinkedIn: https://www.linkedin.com/in/luigipirelli
> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
> * GitHub: https://github.com/luipir
> * Book: Mastering QGIS3 - 3rd Edition
> <https://www.packtpub.com/eu/application-development/mastering-geospatial-development-qgis-3x-third-edition>
> * Hire a team: http://www.qcooperative.net
>
> **************************************************************************************************
>
>
> On Tue, 14 Apr 2020 at 19:08, Larry Shaffer <larrys at dakotacarto.com>
> wrote:
>
>> Hi,
>>
>> Comment mostly for Jürgen (and Windows devs/users)...
>>
>> I recommend OSGeo4W's Qt packages be updated to 5.12.4 or latest LTR,
>> specifically for this OpenSSL v1.1.1 reason:
>> https://www.qt.io/blog/2019/06/17/qt-5-12-4-released-support-openssl-1-1-1
>>
>> I think it is a security concern to rely upon an OpenSSL version that is
>> 3+ years old, as is the case with official Qt < 5.12.4 releases. For one
>> example, there is no TLS 1.3 support in OpenSSL 1.0.2.
>>
>> Regards,
>>
>> Larry Shaffer
>> Dakota Cartography
>> Black Hills, South Dakota
>>
>> _______________________________________________
>> QGIS-Developer mailing list
>> QGIS-Developer at lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20200415/5bb08087/attachment.html>

More information about the QGIS-Developer mailing list