[Development] RFC: Qt Security Policy
Peter Hartmann
phartmann at rim.com
Tue Oct 9 10:37:33 CEST 2012
On 10/09/2012 01:07 AM, Giuseppe D'Angelo wrote:
> (...)
>> * Security issues should not be reported via the normal
>> bugreports.qt-project.org tracker, but should instead be sent to
>> security at qt-project.org.
>
> This requires advertising such address properly, on the main
> qt-project website, on the wiki, etc.
Back in Nokia days we had a web form on the "contact us" web page for
security issues (see also the thread from last year ->
http://www.mail-archive.com/development@qt-project.org/msg00401.html).
Maybe we could have a web form or the mail address mentioned at
qt-project.org? And maybe Digia wants to somehow link to that on their
web page as well?
The proposal looks good to me (I had read it before it was posted here);
one more thing: I see the "Blog" link on qt-project.org now links to the
Digia blog. Shouldn't it link to planet.qt-project.org? Then security
announcements could be made public through a blog post as well, and
mails on announce@ could link to the post if necessary etc.
Peter
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
More information about the Development
mailing list