[Development] RFC: Qt Security Policy

Konstantin Tokarev annulen at yandex.ru
Wed Oct 10 15:02:18 CEST 2012

09.10.2012, 20:59, "Richard Moore" <rich at kde.org>:
> On 9 October 2012 09:21, Marc Mutz <marc.mutz at kdab.com> wrote:
>>  Hi Rich,
>>  Thanks for taking the time to write this up. I have but one question:
>>  On Monday October 8 2012, Richard Moore wrote:
>>>   * Where possible packagers should be informed directly of which SHA1s they
>>>     should cherry pick in order to get a security fix.
>>  What process do you recommend to prevent the Gerrit review of the patch (a
>>  necessary precondition for obtaining a final SHA1 of the commit) from
>>  (prematurely) disclosing the vulnerability?
> That's a real problem I agree. There's some discussion on the topic here:
> https://bugs.launchpad.net/openstack-ci/+bug/902052

Launchpad is certainly wrong place to discuss this topic. It should be
submitted as feature request to Gerrit.


More information about the Development mailing list