Let's close this topic. It's not always the one who shouts loudest that wins an
argument.
We have a closed security mailing list, and I want to keep it that way. That
seems to also be in agreement with the majority of the maintainers who have
been dealing with this topic.
The members of the
On 10/24/2012 01:12 AM, d3fault wrote:
On 10/23/12, Lincoln Ramsay a1291...@gmail.com wrote:
We're not renaming things or creating new lists just to match the
names you think we should have.
*sigh*, I had a feeling someone would say something like that.
The changes are trivial at a glance,
On 10/24/12, Samuel Rødal samuel.ro...@digia.com wrote:
Lars and Charles both provided good lists of reasons in another part of
this thread for going with the policy of Responsible Disclosure. Clearly
you disagree on the weighting of the pros and cons, but it doesn't seem
like you're able to
tl;dr:
d3fault if you keep up the good work you can join the security team
the security team is for trustworthy individuals
d3fault, we don't trust you
How is my keeping up the good work earning trust? Do you guys really
not see the gaping hole in that logic?
d3fault
On Wed, Oct 24, 2012 at 11:55 AM, d3fault d3faultdot...@gmail.com wrote:
tl;dr:
How is my keeping up the good work earning trust? Do you guys really
not see the gaping hole in that logic?
I do certainly have a problem trusting people that show that much interest
in getting access to all
Please disregard Zeno's personal attacks towards me and his request that
the subject die and we all move on. His type of email is exactly what I
describe two emails back. Waste (so is this one, except to keep the subject
alive).
If you can't say something relevant [to the argument], don't say
On 10/24/2012 11:30 AM, d3fault wrote:
On 10/24/12, Samuel Rødal samuel.ro...@digia.com wrote:
Lars and Charles both provided good lists of reasons in another part of
this thread for going with the policy of Responsible Disclosure. Clearly
you disagree on the weighting of the pros and cons,
On 10/24/12, Samuel Rødal samuel.ro...@digia.com wrote:
As far as I see it all the options have vulnerabilities, so it shouldn't
be hard to prove that they exist within either approach.
Yep. Close one giant security-through-obscurity vulnerability, open
the door for script kiddies. It's a
On 23/10/12 15:10, d3fault wrote:
Also please tell me why I can't join the Qt Security Team without
contradicting yourselves.
You haven't earned the trust of the people in charge.
The current security team members have earned the trust of the people in
charge.
No contradictions there.
--
You haven't earned the trust of the people in charge.
The current security team members have earned the trust of the people in
charge.
No contradictions there.
Why do they need to trust me?
Because the information is dangerous.
By admitting that the information is dangerous, they are
On 10/23/12, d3fault d3faultdot...@gmail.com wrote:
You're like the priests in the early days hiding information (the
ability to read and write) and trying to convince us it's for our own
good. Time will tell who is right. su time; echo d3fault is right;
exit;
That analogy fits better than I
On 10/23/12, Donald Carr sirsp...@gmail.com wrote:
life is clearly not a popularity contest for d3fault.
rofl thank you for that compliment. better than Charley telling me I'm
smart repeatedly -_-
I agree completely!!! It's just that the
recommended/officially-endorsed way of reporting
On 24/10/12 07:01, d3fault wrote:
If you discover a vulnerability, please report it to
secur...@qt-project.org and we'll take care of the rest. You can of
course join in on the discussion and suggest fixes etc, as Qt is a
COLLABORATIVE PROJECT.
If you think the vulnerability would cause harm
On 10/23/12, Lincoln Ramsay a1291...@gmail.com wrote:
We're not renaming things or creating new lists just to match the
names you think we should have.
*sigh*, I had a feeling someone would say something like that.
The changes are trivial at a glance, yes
...but what the Qt Project
May I have a list of the core security team members who I am forced to
entrust the security of my operations unto, so that I may hire private
detectives to do background checks on them (and also sneak into their homes
while they're away to perform a security analysis on their machines)? Thanks
On Fri, Oct 19, 2012 at 11:19:40AM -0700, d3fault wrote:
Mathematical Truth:
It is better:
To be vulnerable and know it (so you can shut down your machine or
unplug dat ethernet cable).
most secure == always off. But that is probably not practical. But then
again security is not a state but
http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Interesting article, but it tells us nothing. They merely talk about
Full vs. Responsible Disclosure, and they admit that it's an ongoing
debate. The overall conclusion after 12 pages in the article: the
disclosure of
On Oct 21, 2012 8:24 PM, Joseph Crowell joseph.w.crow...@gmail.com
wrote:
You propose that since zero day happens no matter what, we conveniently
make a zero day site ourselves so that the script kiddies don't have to do
it themselves.
did you mean to respond only to me?
Which do you fear
Wow. I don't usually rubber-neck as I drive by car-crashes, but I
must say, this has been one of the more fascinating email chains.
Not because of content; but rather, because in my introverted
I'm-so-lonely! world, observing humans-being-human has recently
become fascinating to me.
I had to
On Oct 20, 2012, at 5:18 AM, d3fault d3faultdot...@gmail.com wrote:
On Fri, Oct 19, 2012 at 3:37 PM, Knoll Lars lars.kn...@digia.com wrote:
This is just wrong, and I'm getting tired of your ramblings on this mailing
list. Just because you send something to the ML and people get tired of
I proposed it, therefore if nobody disagrees, I get consensus and the
decision goes into effect. I'll quote myself in an earlier post to
actually give this thread some substance:
On Thu, Oct 18, 2012 at 3:40 PM, d3fault d3faultdot...@gmail.com wrote:
tl;dr:
Open Project
Closed Security
The
On Fri, Oct 19, 2012 at 11:59 AM, d3fault d3faultdot...@gmail.com wrote:
I proposed it, therefore if nobody disagrees, I get consensus and the
decision goes into effect. I'll quote myself in an earlier post to
actually give this thread some substance:
Hi,
First you should let more than a day
On 19 October 2012 17:48, Alexis Menard ale...@webkit.org wrote:
Hi,
First you should let more than a day for people to answer.
Secondly I disagree with your statement and using the same link
(Debian) you sent let me quote something else :
And to add a proper reference other than the FAQ,
On Fri, Oct 19, 2012 at 9:48 AM, Alexis Menard ale...@webkit.org wrote:
First you should let more than a day for people to answer.
Waited 11 days in the other thread...
Secondly I disagree with your statement and using the same link
(Debian) you sent let me quote something else :
A: Once
Mathematical Truth:
It is better:
To be vulnerable and know it (so you can shut down your machine or
unplug dat ethernet cable).
Than:
To be vulnerable and not know it (especially when there's a growing
number of others that do).
d3fault
On Oct 19, 2012, at 4:59 PM, d3fault d3faultdot...@gmail.com wrote:
I proposed it, therefore if nobody disagrees, I get consensus and the
decision goes into effect. I'll quote myself in an earlier post to
actually give this thread some substance:
This is just wrong, and I'm getting tired of
On Fri, Oct 19, 2012 at 3:37 PM, Knoll Lars lars.kn...@digia.com wrote:
This is just wrong, and I'm getting tired of your ramblings on this mailing
list. Just because you send something to the ML and people get tired of
answering you doesn't mean your proposal is accepted.
I was writing