On Tue, Nov 15, 2011 at 11:30 AM, Peter Hartmann <[email protected]> wrote:
> I would like to propose the introduction of a low-traffic security
> mailing list for posting security patches for Qt.
> Right now we always need to write a blog post entry with an attached
> diff (see for instance [1]), but since e.g. SSL certificates get
> compromised a lot these days, this does not scale that well. So maybe an
> own mailing list with important security-related updates would be
> helpful for Linux package maintainers and others.

I think this makes complete sense.

>
> There was the suggestion that this list should be private; personally I
> rather favor a public list, because usually when creating patches for Qt
> similar patches have landed in other public repositories already (e.g.
> Chromium or Mozilla). The reason for that is that most of the security
> patches were made regarding blacklisting fraudulent certificates rather
> than fixing memory corruption bugs which should be kept secret.

I think a public list should be fine for the announcements. It doesn't stop there being a private list too if needed for privately discussing issues before they are addressed.

Rich.
_______________________________________________
Development mailing list
[email protected]
http://lists.qt-project.org/mailman/listinfo/development
