[Development] Proposal: Time to decide what security policy the Qt Project will use (not Trolltech/Nokia/Digia)

d3fault d3faultdotxbe at gmail.com
Fri Oct 26 17:06:02 CEST 2012

On 10/26/12, Konstantin Tokarev <annulen at yandex.ru> wrote:
> Use of QSsl just allows your application to use SSL, but by no means makes
> it
> "secure" or "trusted".


SSL = SECURE Socket Layer

You soft tossed me that one (or perhaps a expert troll agen).

...but you're half right: using QSsl does not mean the rest of your
application is secure.

On 10/26/12, Thiago Macieira <thiago.macieira at intel.com> wrote:
> You're wrong here.
> The new security policy was reached by consensus by posting the new details
> to
> this mailing list and opening up for discussion. Aside from you, no one
> objected strongly to the choice of Responsible Disclosure.
> That's consensus.

Link? You're not referring to my previous proposal are you? Also: we
can still change it.

Is that it? This was just getting interesting. How anti-climactic.

What about:

>-A few crackers armed with knowledge you don't have
>-A ton of script kiddies with knowledge you also have

>The lesser of two evils is the latter.

>BECAUSE *copies from above*:
>You do not have to fear the script kiddies a single bit if you are
>armed with the same information as them (because you shut down).

That's a strong argument.


More information about the Development mailing list