[Development] proposal: security mailing list

Peter Hartmann peter.hartmann at nokia.com
Wed Nov 16 11:32:22 CET 2011


On 11/15/2011 09:30 PM, ext lars.knoll at nokia.com wrote:
> (...)
> The reason why many other projects have private lists for security issues
> is to avoid making zero day exploits widely known. It would most likely be
> good to also be able to discuss some of these issues in a more closed
> mailing list, not to be less transparent, but to not tell hackers about
> the issues before we have a fix.

We have that list already internally within Nokia; whenever somebody 
sends a report via the security issue report form at 
http://qt.nokia.com/forms/security it will end up on the private 
security list.

We are planning to transfer that list to something @qt-project.org. The 
plan is to make that list invite-only and the archives private.

>
> A public announcement list might be needed as well, but for that we could
> simply use announce at qt-project.org.

OK, fine by me, then let's use the announce list for security 
announcements as well.

If nobody objects I will write a blog post on http://labs.qt.nokia.com/ 
the next time there is a security issue, and will say that in the future 
those things are handled through announce at qt-project.org.

Peter

>
> Cheers,
> Lars

