On 10/23/12, Donald Carr <[email protected]> wrote: > life is clearly not a popularity contest for d3fault.
rofl thank you for that compliment. better than Charley telling me I'm smart repeatedly -_- I agree completely!!! It's just that the recommended/officially-endorsed way of reporting security vulnerabilities is to the private mailing list. [email protected] should be official/public, [email protected] should be OFFERED, but not the 'official' way. The analyst who discovers the vuln can choose whatever he wants. He can even sell it to crackers... lol. qt-project.org/security/index.html should read something like this: If you discover a vulnerability, please report it to [email protected] and we'll take care of the rest. You can of course join in on the discussion and suggest fixes etc, as Qt is a COLLABORATIVE PROJECT. If you think the vulnerability would cause harm being publicly disclosed, you can instead send it to [email protected] --- but remember... just who are those people with access to that list, and can you trust them to not un/intentionally leak your vulnerability? Emphasis added. d3fault _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
