[Development] Proposal: Change Qt's Security Policy to Full Disclosure

Donald Carr sirspudd at gmail.com
Tue Oct 23 21:39:20 CEST 2012


Harg; like so many things, this can be a meritocratic system. That is
to say, if you discover the vulnerability, or simply learn about it,
there is either a public channel (dev mailing list) or a non-public
mailing list. It is at the discretion of the person reporting this
kind of bug which channel to use.

No-one is arguing in favour of security via obscurity, this
misattribution of quotes is infuriating but life is clearly not a
popularity contest for d3fault.

Toodles,
Donald

On Tue, Oct 23, 2012 at 11:11 AM, d3fault <d3faultdotxbe at gmail.com> wrote:
> On 10/23/12, d3fault <d3faultdotxbe at gmail.com> wrote:
>> You're like the priests in the early days hiding information (the
>> ability to read and write) and trying to convince us it's for our own
>> good. Time will tell who is right. su time; echo "d3fault is right";
>> exit;
>>
>
> That analogy fits better than I first realized.
>
> "Since the ability to read [books] allows malicious individuals to
> make bombs, nobody should have the ability to read [books]". -Knars
> Loll, Thiago Macieira, et al
>
>
> Posts are forever, not just Christmas
> d3fault
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development



More information about the Development mailing list