Hi Rich, Thanks for taking the time to write this up. I have but one question:
On Monday October 8 2012, Richard Moore wrote: > * Where possible packagers should be informed directly of which SHA1s they > should cherry pick in order to get a security fix. What process do you recommend to prevent the Gerrit review of the patch (a necessary precondition for obtaining a final SHA1 of the commit) from (prematurely) disclosing the vulnerability? Thanks, Marc -- Marc Mutz <marc.m...@kdab.com> | Senior Software Engineer KDAB (Deutschland) GmbH & Co.KG, a KDAB Group Company www.kdab.com || Germany +49-30-521325470 || Sweden (HQ) +46-563-540090 KDAB - Qt Experts - Platform-Independent Software Solutions _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development