Hi all,

the Qt Project Security Policy is currently documented as a wiki page at [1]. 
Since QUIPs are the official way to document processes, I’m proposing that we 
move the policy to a QUIP.

As a starting point, this will be an rst-ified version of the current wiki page:

https://codereview.qt-project.org/c/meta/quips/+/262502


In addition, we have also been discussing a few aspects in The Qt Company where 
we would like to see the policy evolve, such as:

* the integration of CVE handling into the process of disclosing vulnerabilities
* the documentation of security-relevant software engineering processes that 
The Qt Company operates today, such as external code audits or fuzzing; 
evolving such processes should be part of the discussion
* reviewing the way the core security team is operating


See https://bugreports.qt.io/browse/QTWEBSITE-860 for details. I’d be very 
happy about all contributions.

Note that for the moment, the scope of this continues to be Qt itself, rather 
than surrounding infrastructure and processes.


Cheers,
Volker

[1] https://wiki.qt.io/Qt_Project_Security_Policy


_______________________________________________
Development mailing list
[email protected]
https://lists.qt-project.org/listinfo/development
