[Development] RFC: Qt Security Policy

Thiago Macieira thiago.macieira at intel.com
Wed Oct 10 17:51:10 CEST 2012

On quarta-feira, 10 de outubro de 2012 16.06.43, Richard Moore wrote:
> It was discussed with the Gerrit people, there's a response from them
> in the comments where they discuss how they handle the same issue for
> security holes in gerrit itself. Short version is that they have a
> second private gerrit instance for this.

It wouldn't work for us because we have a CI-controlled tree. The best we can 
do is to discuss the patch, agree upon it and run the tests in parallel with 
some help from the QA people, to ensure it's correct. But if we can't publish 
the patch before the disclosure, then we can't add it to the main tree or to 
Gerrit either...

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/development/attachments/20121010/c8f22b3c/attachment.sig>

More information about the Development mailing list