2012/10/28 d3fault d3faultdot...@gmail.com:
The reason I'm giving up is because I now understand the following to be true:
The Qt Project's leaders are choosing to sacrifice the security of
everyone for the profits of a few.
No, this decision has been made because the meriocractic Qt Project
Meh, sorry for the noise. That analogy sucks actually. Knowledge of
the serial killer rapist on a limited basis (a la private disclosure)
does not empower others (script kiddies)... so the analogy fails. The
point about not going outside when a killer is *KNOWN* to be right out
your door is still
On Thu, Oct 25, 2012 at 10:26:21PM -0700, d3fault wrote:
thiago wrote:
It's about deciding which of two evils is the lesser one.
EXACTLY.
-A few crackers armed with knowledge you don't have
-A ton of script kiddies with knowledge you also have
The lesser of two evils is the latter.
On 10/26/12, Oswald Buddenhagen oswald.buddenha...@digia.com wrote:
this is exactly where you are simply wrong.
for the vast majority of users, downtime is a way more costly problem
than an information leak.
True. Those people fall into the 99% category of people not practicing
security. For
26.10.2012, 16:17, d3fault d3faultdot...@gmail.com:
also, we are talking about qt here. no sane person would use qt in the
trusted parts of a (seriously) security-sensitive system.
So are you suggesting we remove the QSsl namespace from Qt then? You
can't have it both ways.
Use of QSsl
On 10/26/12, Konstantin Tokarev annu...@yandex.ru wrote:
Use of QSsl just allows your application to use SSL, but by no means makes
it
secure or trusted.
*blinks*
SSL = SECURE Socket Layer
You soft tossed me that one (or perhaps a expert troll agen).
...but you're half right: using QSsl
On Fri, Oct 26, 2012 at 11:06 PM, d3fault d3faultdot...@gmail.com wrote:
What about:
EXACTLY.
-A few crackers armed with knowledge you don't have
-A ton of script kiddies with knowledge you also have
The lesser of two evils is the latter.
BECAUSE *copies from above*:
You do not have to
Dear d3fault,
d3fault wrote:
Nah. WILL is too strong a statement. More like: very very very very likely
;-)
Cras in mi ut mi auctor tincidunt. Vestibulum volutpat lorem eget
ligula egestas vehicula. Mauris in nisi et ligula accumsan accumsan
vitae at erat. Etiam vitae leo risus. Vivamus
On Friday 26 October 2012 Oct, João Abecasis wrote:
...
Cum sociis natoque penatibus et magnis dis parturient montes, nascetur
ridiculus mus. Nam faucibus mi eget arcu aliquet tristique. Morbi sem
purus, volutpat sit amet pretium ac, suscipit nec odio. Suspendisse
rhoncus mattis neque, sed
Oh god my sides. Not sure if troll. I'm incapable of determining it.
Here's what Google Translate spat out:
Tomorrow in my work as my adviser. Product Information Product needs
Poverty impact vehicles. Moors and the only consumer-oriented indicators
life here. This is a comment. We hit most of
Op 25-10-2012 9:18, d3fault schreef:
a big re-itteration of yet the same arguments
Indeed, time for a conclusion. Oh wait: Lars already gave that conclusion:
http://lists.qt-project.org/pipermail/development/2012-October/007511.html
Sorry that the conclusion doesn't match your ideas of the
*I am a citizen/_user_ of this open governance project?*
Please read:
http://qt-project.org/wiki/The_Qt_Governance_Model
Maybe you are a user, but from what I have read are not 'Evangelizing about
the Project' and you are not 'Providing moral support' (you are telling how
terrible things are).
On quinta-feira, 25 de outubro de 2012 00.18.32, d3fault wrote:
Qt has corporate roots. Responsible Disclosure has been in place since
the Trolltech days. Corporations tend to prefer Responsible Disclosure
because it pleases their commercial customers. Commercial entities
like to keep their
Thank you Thiago for actually presenting an argument instead of just
responding with noise (or just dismissively waving your hand as in the
case of Lars).
On 10/25/12, Thiago Macieira thiago.macie...@intel.com wrote:
commercial entities have good people who make intelligent and logical
On quinta-feira, 25 de outubro de 2012 19.42.12, d3fault wrote:
What's more important in this is that the
level of competence and resources in the exploit community varies a lot. I
can agree that exploiters with vast resources may learn the security
issues before the full disclosure happens,
this group WILL be hacked
Nah. WILL is too strong a statement. More like: very very very very likely ;-)
Besides, this argument does not counter mine. I am asserting that the number
of attackers who get access to the exploits before they become public is much,
much smaller than the number of
16 matches
Mail list logo