[Development] proposal: security mailing list

Peter Hartmann peter.hartmann at nokia.com
Tue Nov 15 12:30:58 CET 2011


Hello,

I would like to propose the introduction of a low-traffic security 
mailing list for posting security patches for Qt.
Right now we always need to write a blog post entry with an attached 
diff (see for instance [1]), but since e.g. SSL certificates get 
compromised a lot these days, this does not scale that well. So maybe a 
separate mailing list with important security-related updates would be 
helpful for Linux package maintainers and others.

There was the suggestion that this list should be private; personally I 
rather favor a public list, because usually when creating patches for Qt 
similar patches have landed in other public repositories already (e.g. 
Chromium or Mozilla). The reason for that is that most of the security 
patches were made regarding blacklisting fraudulent certificates rather 
than fixing memory corruption bugs which should be kept secret.

Btw. note that there is also a security issue report form at
http://qt.nokia.com/forms/security .

Any comments?

Regards,

Peter


---
[1] 
http://labs.qt.nokia.com/2011/09/07/what-the-diginotar-security-breach-means-for-qt-users-continued/
