[Development] RFC: Qt Security Policy

Richard Moore rich at kde.org
Tue Oct 9 19:01:33 CEST 2012


On 9 October 2012 08:58, Ziller Eike <Eike.Ziller at digia.com> wrote:
>
> On 9 Oct 2012, at 01:07, Giuseppe D'Angelo <dangelog at gmail.com> wrote:
>
>> Hi Richard,
>>
>> many thanks for the insightful mail.
>>
>> On 8 October 2012 22:49, Richard Moore <rich at kde.org> wrote:
>>
>> […]
>
>>> == What Happens When an Issue is Reported? ==
>>>
>>> * security@ should be sent to a 'core security' team of developers who need
>>>   not be maintainers.
>>
>> Maintainers in the meaning of the Qt governance model? If so, I think
>> you meant Approvers here. In other words: I'd like to have any
>> community member in the security team, if it makes sense for them to
>> stay there.
>
> There's a "not" in that sentence, though I also find it not well placed ;)

I'll reword that to make it clearer. What I mean is that people can be
on the security team without being maintainers - ie. it is not simply
a list for maintainers.

Cheers

Rich.



More information about the Development mailing list