[Development] RFC: Qt Security Policy

Konstantin Tokarev annulen at yandex.ru
Wed Oct 10 15:02:18 CEST 2012



09.10.2012, 20:59, "Richard Moore" <rich at kde.org>:
> On 9 October 2012 09:21, Marc Mutz <marc.mutz at kdab.com> wrote:
>
>>  Hi Rich,
>>
>>  Thanks for taking the time to write this up. I have but one question:
>>
>>  On Monday October 8 2012, Richard Moore wrote:
>>>   * Where possible packagers should be informed directly of which SHA1s they
>>>     should cherry pick in order to get a security fix.
>>  What process do you recommend to prevent the Gerrit review of the patch (a
>>  necessary precondition for obtaining a final SHA1 of the commit) from
>>  (prematurely) disclosing the vulnerability?
>
> That's a real problem, I agree. There's some discussion on the topic here:
> https://bugs.launchpad.net/openstack-ci/+bug/902052

Launchpad is certainly the wrong place to discuss this topic. It should be
submitted as a feature request to Gerrit.

-- 
Regards,
Konstantin


