[Development] Proposal: Change Qt's Security Policy to Full Disclosure

d3fault d3faultdotxbe at gmail.com
Wed Oct 24 23:46:09 CEST 2012


On 10/24/12, Samuel Rødal <samuel.rodal at digia.com> wrote:
>
> As far as I see it all the options have vulnerabilities, so it shouldn't
> be hard to prove that they exist within either approach.
>

Yep. Close one giant security-through-obscurity vulnerability, open
the door for script kiddies. It's a trade off, but at least we won't
have the ILLUSION OF SECURITY (worse than being insecure) anymore.

>
> If I get you correctly, you're saying that you want two security mailing
> lists, one open and one closed. Others have countered this by saying
> that the existing development mailing list will in practice act as the
> open one. In what way do you perceive these two options as being
> radically different?
>

Knowledge availability, which I value and I guess others do not?

m_ListOfUsersCommentingWithoutFirstReading << "Samuel";

See: http://lists.qt-project.org/pipermail/development/2012-October/007478.html

Duuude, you responded directly to that email too. How the what the I don't even

Are you trolling me?

d3fault



More information about the Development mailing list