open-eid / DigiDoc4-Client

DigiDoc4 Client is an application for digitally signing and encrypting documents; the software also includes functionality to manage the Estonian ID-card (changing PIN codes, etc.).
https://www.id.ee/en/article/install-id-software/

Move version checks to DigiDoc #1181

Closed metsma closed 1 year ago

metsma commented 1 year ago

IB-7689

https://github.com/open-eid/qt-common/pull/133

karl80038 commented 1 year ago

I'm generally not fond of artificially blocking the installation/use of software. But I understand that sometimes it's needed (e.g. to prevent the installation/update of incompatible DLLs on unsupported platforms that could render the system unusable). However, I question the necessity here. And it could potentially be a problem to some. Obviously, for compatibility and especially for security reasons, one should always use the latest version. However, what if the user wants to urgently decrypt a file, but sadly cannot do that because the OS or hardware cannot run a "supported" version of the DigiDoc4/eID software and the version compatible with his/her platform is simply way too old? Or extract a document from the ASIC container. I think perhaps a better option would be not allowing the software to sign any documents if it has serious vulnerabilities and flaws. Maybe even done on the server side. I'm not sure if the software currently has the native capability to update itself in the background, but perhaps adding it at some point would ensure more people are on the current version. Regardless, thanks for reading this perhaps a little pointless rant/comment. Still wishing all the best!