[Development] Proposal: Time to decide what security policy the Qt Project will use (not Trolltech/Nokia/Digia)

Oswald Buddenhagen oswald.buddenhagen at digia.com
Fri Oct 26 12:13:53 CEST 2012


On Thu, Oct 25, 2012 at 10:26:21PM -0700, d3fault wrote:
> thiago wrote:
> >It's about deciding which of two evils is the lesser one.
> 
> EXACTLY.
> -A few crackers armed with knowledge you don't have
> -A ton of script kiddies with knowledge you also have
> 
> The lesser of two evils is the latter.
> 
this is exactly where you are simply wrong.
for the vast majority of users, downtime is a way more costly problem
than an information leak. add to that that resourceful crackers often
have zero-day exploits available anyway, and it becomes blatantly
obvious that your "security group was infiltrated/hacked" scenario is,
statistically speaking, rather irrelevant.

also, we are talking about qt here. no sane person would use qt in the
trusted parts of a (seriously) security-sensitive system.

so, can we now *please* put the matter to rest?



More information about the Development mailing list