[Development] Qt5 combined source package - Perl dependency
d3fault
d3faultdotxbe at gmail.com
Tue Apr 30 02:47:06 CEST 2013
Paddles!
On Mon, Apr 29, 2013 at 11:25 AM, Thiago Macieira
<thiago.macieira at intel.com> wrote:
> A determined hacker could infiltrate Digia's network and tamper with their
> email server. When an email is received for security at qt-project.org, it could
> then forward the vuln to the hacker's own email address. This way, the
> privately disclosed vulns are now publicly disclosed only amongst hacker
> circles, which means all of the _users_ of Qt binaries are left in the dark,
> as well as for people building from sources (including Linux distributions).
>
>
> Is this far-fetched? Maybe, but that's not the point. The point is: why do we
> want to leave an attack vector open, if we can close it?
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel Open Source Technology Center
>
+1 that's some sound logic right there. Why leave an attack vector open?
d3fault