[Development] RFC: Qt Security Policy

Marc Mutz marc.mutz at kdab.com
Tue Oct 9 10:21:22 CEST 2012

Hi Rich,

Thanks for taking the time to write this up. I have but one question:

On Monday October 8 2012, Richard Moore wrote:
>  * Where possible packagers should be informed directly of which SHA1s they
>    should cherry pick in order to get a security fix.

What process do you recommend to prevent the Gerrit review of the patch (a 
necessary precondition for obtaining a final SHA1 of the commit) from 
(prematurely) disclosing the vulnerability?


Marc Mutz <marc.mutz at kdab.com> | Senior Software Engineer
KDAB (Deutschland) GmbH & Co.KG, a KDAB Group Company
www.kdab.com || Germany +49-30-521325470 || Sweden (HQ) +46-563-540090
KDAB - Qt Experts - Platform-Independent Software Solutions

More information about the Development mailing list