On 11/15/2011 09:30 PM, ext lars.kn...@nokia.com wrote: > (...) > The reason why many other projects have private lists for security issues > is to avoid making zero day exploits widely known. It would most likely be > good to also be able to discuss some of these issues in a more closed > mailing list, not to be less transparent, but to not tell hackers about > the issues before we have a fix.
We have that list already internally within Nokia; whenever somebody sends a report via the security issue report form at http://qt.nokia.com/forms/security it will end up on the private security list. We are planning to transfer that list to something @qt-project.org. The plan is to make that list invite-only and the archives private. > > A public announcement list might be needed as well, but for that we could > simply use annou...@qt-project.org. OK, fine by me, then let's use the announce list for security announcements as well. If nobody objects I will write a blog post on http://labs.qt.nokia.com/ the next time there is a security issue, and will say that in the future those things are handled through annou...@qt-project.org. Peter > > Cheers, > Lars > > _______________________________________________ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development -- Qt Developer Days 2011 – REGISTER NOW! October 24 – 26, Munich November 29 – December 1, San Francisco Learn more and Register at http://qt.nokia.com/qtdevdays2011 _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
