Hello,

I would like to propose the introduction of a low-traffic security mailing list for posting security patches for Qt. Right now we always need to write a blog post entry with an attached diff (see for instance [1]), but since e.g. SSL certificates get compromised a lot these days, this does not scale that well. So maybe a separate mailing list with important security-related updates would be helpful for Linux package maintainers and others.

There was the suggestion that this list should be private; personally I rather favor a public list, because usually when creating patches for Qt similar patches have landed in other public repositories already (e.g. Chromium or Mozilla). The reason for that is that most of the security patches were made regarding blacklisting fraudulent certificates rather than fixing memory corruption bugs which should be kept secret.

Btw. note that there is also a security issue report form at http://qt.nokia.com/forms/security.

Any comments?

Regards,
Peter

---
[1] http://labs.qt.nokia.com/2011/09/07/what-the-diginotar-security-breach-means-for-qt-users-continued/

_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development