On 24/10/12 07:01, d3fault wrote: > If you discover a vulnerability, please report it to > secur...@qt-project.org and we'll take care of the rest. You can of > course join in on the discussion and suggest fixes etc, as Qt is a > COLLABORATIVE PROJECT. > > If you think the vulnerability would cause harm being publicly > disclosed, you can instead send it to security-priv...@qt-project.org > --- but remember... just who are those people with access to that > list, and can you trust them to not un/intentionally leak your > vulnerability?
As has already been pointed out, you're confusing things by choosing to assign different names to things. We already have a public and a private list. We're not renaming things or creating new lists just to match the names you think we should have. If you want to report an issue to the Qt project so that the whole world knows about it too, use development@qt-project.org. If you want to report an issue to the Qt project but you think the world perhaps shouldn't know about it yet, use secur...@qt-project.org. When the people on that list think the world should know about the issue, they'll let development@qt-project.org know. If you don't like that other people choose to let the Qt project know of a security issue without informing you at the same time... you'll have to take that up with those people because they would use security-private@ over security@ if those were the names we had. -- Link _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
