On segunda-feira, 29 de abril de 2013 17.47.06, d3fault wrote: > Paddles! > > On Mon, Apr 29, 2013 at 11:25 AM, Thiago Macieira > > <thiago.macie...@intel.com> wrote: > > A determined hacker could infiltrate Digia's network and tamper with their > > email server. When an email is received for secur...@qt-project.org, it > > could then forward the vuln to the hacker's own email address. This way, > > the privately disclosed vulns are now publically disclosed only amongst > > hacker circles, which means all of the _users_ of Qt binaries are left in > > the dark, as well as for people building from sources (including Linux > > distributions).
I did not write this. If you're going to paraphrase me, say you're doing that. So I'll just stop the answer here and not address your (invalid) comment below. > > > > > > Is this far-fetched? Maybe, but that's not the point. The point is: why do > > we want to leave an attack vector open, if we can close it? > > > > -- > > Thiago Macieira - thiago.macieira (AT) intel.com > > > > Software Architect - Intel Open Source Technology Center > > +1 that's some sound logic right there. Why leave an attack vector open? -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
