On 10 Oct 2012, at 11:18, d3fault <d3faultdot...@gmail.com> wrote:

> Oh right this is where I'm supposed to disagree or object or
> something... See:
> http://lists.qt-project.org/pipermail/development/2012-October/006892.html
>
> tl;dr: I object on the grounds that behind closed doors security is
> not only a waste of time, it also hurts Qt _users_.
>
> Do This:
> -CVE/CERT aka private/exclusive notifications go to some email address
> that only core security team has access to:
> security-priv...@qt-project.org or something

in the proposal that is secur...@qt-project.org

> -secur...@qt-project.org becomes 'Security' mailing list, public
> Read/Write. Only people interested in security read from or post to
> this list. Questions, suggestions, etc

in the proposal that is development@ and/or interest@

> -security-annou...@qt-project.org/Security-announce mailing list
> announces immediately on (a) vuln existence confirmation, (b) vuln fix
> (a and b can be grouped together, but a should not wait for b).
> Distributors and Qt _users_ alike subscribe to this list, but with
> Read-Only access. Core security team has write access

in the proposal that is announce@

--
Eike Ziller, Senior Software Engineer - Digia, Qt
Digia Germany GmbH, Rudower Chaussee 13, D-12489 Berlin
Geschäftsführer: Mika Pälsi, Juha Varelius, Anja Wasenius
Sitz der Gesellschaft: Berlin, Registergericht: Amtsgericht Charlottenburg, HRB 144331 B