[Development] proposal: security mailing list
Peter Hartmann
peter.hartmann at nokia.com
Tue Nov 15 12:30:58 CET 2011
Hello,

I would like to propose the introduction of a low-traffic security
mailing list for posting security patches for Qt.

Right now we always need to write a blog post entry with an attached
diff (see for instance [1]), but since e.g. SSL certificates get
compromised a lot these days, this does not scale that well. So maybe a
separate mailing list with important security-related updates would be
helpful for Linux package maintainers and others.

There was the suggestion that this list should be private; personally I
rather favor a public list, because usually when creating patches for Qt,
similar patches have landed in other public repositories already (e.g.
Chromium or Mozilla). The reason for that is that most of the security
patches were made regarding blacklisting fraudulent certificates rather
than fixing memory corruption bugs which should be kept secret.

Btw. note that there is also a security issue report form at
http://qt.nokia.com/forms/security .

Any comments?

Regards,
Peter

---
[1] http://labs.qt.nokia.com/2011/09/07/what-the-diginotar-security-breach-means-for-qt-users-continued/
--
Qt Developer Days 2011 – REGISTER NOW!
October 24 – 26, Munich
November 29 – December 1, San Francisco
Learn more and Register at http://qt.nokia.com/qtdevdays2011