[Development] Proposal: Change Qt's Security Policy to Full Disclosure

Samuel Rødal samuel.rodal at digia.com
Wed Oct 24 09:48:44 CEST 2012

On 10/24/2012 01:12 AM, d3fault wrote:
> On 10/23/12, Lincoln Ramsay <a1291762 at gmail.com> wrote:
>> We're not renaming things or creating new lists just to match the
>> names you think we should have.
> *sigh*, I had a feeling someone would say something like that.
> The changes are trivial at a glance, yes....
> ...but what the Qt Project officially endorses/recommends is the real
> change here.
> Right now, the Qt Project instructs analysts use
> security-through-obscurity when reporting vulnerabilities.

Lars and Charles both provided good lists of reasons in another part of 
this thread for going with the policy of Responsible Disclosure. Clearly 
you disagree on the weighting of the pros and cons, but it doesn't seem 
like you're able to convince anyone else about the superiority of your 
position. At what point will you accept that?


More information about the Development mailing list