[Development] Qt5 combined source package - Perl dependency

Thiago Macieira thiago.macieira at intel.com
Tue Apr 30 04:30:52 CEST 2013


On Monday, 29 April 2013 17.47.06, d3fault wrote:
> Paddles!
> 
> On Mon, Apr 29, 2013 at 11:25 AM, Thiago Macieira
> <thiago.macieira at intel.com> wrote:
> > A determined hacker could infiltrate Digia's network and tamper with their
> > email server. When an email is received for security at qt-project.org, it
> > could then forward the vuln to the hacker's own email address. This way,
> > the privately disclosed vulns are now publicly disclosed only amongst
> > hacker circles, which means all of the _users_ of Qt binaries are left in
> > the dark, as well as for people building from sources (including Linux
> > distributions).

I did not write this. If you're going to paraphrase me, say you're doing that. 
So I'll just stop the answer here and not address your (invalid) comment 
below.

> > 
> > 
> > Is this far-fetched? Maybe, but that's not the point. The point is: why do
> > we want to leave an attack vector open, if we can close it?
> > 
> > --
> > Thiago Macieira - thiago.macieira (AT) intel.com
> > 
> >   Software Architect - Intel Open Source Technology Center
> 
> +1 that's some sound logic right there. Why leave an attack vector open?



-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center