[Development] RFC: Qt Security Policy
Thiago Macieira
thiago.macieira at intel.com
Wed Oct 10 17:51:10 CEST 2012
On quarta-feira, 10 de outubro de 2012 16.06.43, Richard Moore wrote:
> It was discussed with the Gerrit people, there's a response from them
> in the comments where they discuss how they handle the same issue for
> security holes in gerrit itself. Short version is that they have a
> second private gerrit instance for this.
It wouldn't work for us because we have a CI-controlled tree. The best we can
do is to discuss the patch, agree upon it and run the tests in parallel with
some help from the QA people, to ensure it's correct. But if we can't publish
the patch before the disclosure, then we can't add it to the main tree or to
Gerrit either...
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/development/attachments/20121010/c8f22b3c/attachment.sig>
More information about the Development
mailing list