[Development] Proposal: Time to decide what security policy the Qt Project will use (not Trolltech/Nokia/Digia)
d3fault
d3faultdotxbe at gmail.com
Fri Oct 26 17:06:02 CEST 2012
On 10/26/12, Konstantin Tokarev <annulen at yandex.ru> wrote:
>
> Use of QSsl just allows your application to use SSL, but by no means makes
> it
> "secure" or "trusted".
>
*blinks*
SSL = SECURE Socket Layer
You soft tossed me that one (or perhaps a expert troll agen).
...but you're half right: using QSsl does not mean the rest of your
application is secure.
On 10/26/12, Thiago Macieira <thiago.macieira at intel.com> wrote:
> You're wrong here.
>
> The new security policy was reached by consensus by posting the new details
> to
> this mailing list and opening up for discussion. Aside from you, no one
> objected strongly to the choice of Responsible Disclosure.
>
> That's consensus.
>
Link? You're not referring to my previous proposal are you? Also: we
can still change it.
Is that it? This was just getting interesting. How anti-climactic.
What about:
>EXACTLY.
>-A few crackers armed with knowledge you don't have
>-A ton of script kiddies with knowledge you also have
>The lesser of two evils is the latter.
>BECAUSE *copies from above*:
>You do not have to fear the script kiddies a single bit if you are
>armed with the same information as them (because you shut down).
That's a strong argument.
d3fault
More information about the Development
mailing list