On 11/16/11 11:32 AM, "Peter Hartmann" <[email protected]> wrote:
>On 11/15/2011 09:30 PM, ext [email protected] wrote: >> (...) >> The reason why many other projects have private lists for security >>issues >> is to avoid making zero day exploits widely known. It would most likely >>be >> good to also be able to discuss some of these issues in a more closed >> mailing list, not to be less transparent, but to not tell hackers about >> the issues before we have a fix. > >We have that list already internally within Nokia; whenever somebody >sends a report via the security issue report form at >http://qt.nokia.com/forms/security it will end up on the private >security list. > >We are planning to transfer that list to something @qt-project.org. The >plan is to make that list invite-only and the archives private. > >> >> A public announcement list might be needed as well, but for that we >>could >> simply use [email protected]. > >OK, fine by me, then let's use the announce list for security >announcements as well. > >If nobody objects I will write a blog post on http://labs.qt.nokia.com/ >the next time there is a security issue, and will say that in the future >those things are handled through [email protected]. Sounds like a plan :) Cheers, Lars _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
