[Development] Proposal: Change Qt's Security Policy to Full Disclosure
Samuel Rødal
samuel.rodal at digia.com
Wed Oct 24 09:48:44 CEST 2012
On 10/24/2012 01:12 AM, d3fault wrote:
> On 10/23/12, Lincoln Ramsay <a1291762 at gmail.com> wrote:
>> We're not renaming things or creating new lists just to match the
>> names you think we should have.
>>
>
> *sigh*, I had a feeling someone would say something like that.
>
> The changes are trivial at a glance, yes....
> ...but what the Qt Project officially endorses/recommends is the real
> change here.
>
> Right now, the Qt Project instructs analysts to use
> security-through-obscurity when reporting vulnerabilities.
Lars and Charles both provided good lists of reasons in another part of
this thread for going with the policy of Responsible Disclosure. Clearly
you disagree on the weighting of the pros and cons, but it doesn't seem
like you're able to convince anyone else about the superiority of your
position. At what point will you accept that?
--
Samuel