On 10/23/12, Lincoln Ramsay <a1291...@gmail.com> wrote: > We're not renaming things or creating new lists just to match the > names you think we should have. >
*sigh*, I had a feeling someone would say something like that. The changes are trivial at a glance, yes.... ...but what the Qt Project officially endorses/recommends is the real change here. Right now, the Qt Project instructs analysts use security-through-obscurity when reporting vulnerabilities. "If you find [...] a security issue, contact us at security at qt-project.org so we can deal with it" ( http://lists.qt-project.org/pipermail/development/2012-October/006893.html ). You could change that /security/index.html suggestion to recommend the development list for public and keep security@ for the private list, that makes no difference. Semantics. As an aside, I think it would be better for security to go in it's own list... but that's just an organizational decision. List names are not very important at all, whereas the policy on "where to report vulns" is extremely important. d3fault _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
