[Development] proposal: security mailing list

lars.knoll at nokia.com
Wed Nov 16 14:21:56 CET 2011


On 11/16/11 11:32 AM, "Peter Hartmann" <peter.hartmann at nokia.com> wrote:

>On 11/15/2011 09:30 PM, ext lars.knoll at nokia.com wrote:
>> (...)
>> The reason why many other projects have private lists for security issues
>> is to avoid making zero day exploits widely known. It would most likely be
>> good to also be able to discuss some of these issues in a more closed
>> mailing list, not to be less transparent, but to not tell hackers about
>> the issues before we have a fix.
>
>We have that list already internally within Nokia; whenever somebody
>sends a report via the security issue report form at
>http://qt.nokia.com/forms/security it will end up on the private
>security list.
>
>We are planning to transfer that list to something @qt-project.org. The
>plan is to make that list invite-only and the archives private.
>
>>
>> A public announcement list might be needed as well, but for that we could
>> simply use announce at qt-project.org.
>
>OK, fine by me, then let's use the announce list for security
>announcements as well.
>
>If nobody objects I will write a blog post on http://labs.qt.nokia.com/
>the next time there is a security issue, and will say that in the future
>those things are handled through announce at qt-project.org.

Sounds like a plan :)

Cheers,
Lars



