[Development] RFC: Qt Security Policy
Marc Mutz
marc.mutz at kdab.com
Tue Oct 9 10:21:22 CEST 2012
Hi Rich,
Thanks for taking the time to write this up. I have but one question:
On Monday October 8 2012, Richard Moore wrote:
> * Where possible packagers should be informed directly of which SHA1s they
> should cherry pick in order to get a security fix.
What process do you recommend to prevent the Gerrit review of the patch (a
necessary precondition for obtaining a final SHA1 of the commit) from
(prematurely) disclosing the vulnerability?
Thanks,
Marc
--
Marc Mutz <marc.mutz at kdab.com> | Senior Software Engineer
KDAB (Deutschland) GmbH & Co.KG, a KDAB Group Company
www.kdab.com || Germany +49-30-521325470 || Sweden (HQ) +46-563-540090
KDAB - Qt Experts - Platform-Independent Software Solutions