meta-qt6/SECURITY.md
Samuli Piippo 82c0d891a7 SECURITY.md: add file
Add details about Qt Project security policy. The SECURITY.md file
is now required by the yocto-check-layer script.

Change-Id: Icbcd63bb15c0d106b1bde4c2b9c43aebe1031797
Reviewed-by: Mikko Gronoff <mikko.gronoff@qt.io>
Reviewed-by: Inkamari Harjula <inkamari.harjula@qt.io>
Reviewed-by: Ari Parkkila <ari.parkkila@qt.io>
(cherry picked from commit ec3ac717cf)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 62aa0e3dbe)
2025-05-21 19:17:58 +00:00


Qt Project Security Policy

The Qt Project specifies its security policy in QUIP 15. A summary of the security policy:

  • Qt has a Core Security Team that enforces the security policy and addresses issues.
  • Proactive measures to prevent security issues: code reviews, code analysis, fuzz testing, and so on.
  • Reporting Security Issues: the Core Security Team monitors security issues for Qt modules and affected third-party components.
  • Handling Security Issues: the maintainers, Core Security Team, Chief Maintainer, and the Qt Company share and handle security issues.
  • Disclosure of confirmed security issues in the Common Vulnerabilities and Exposures database and a public announcement to the Qt announce@qt-project.org mailing list.

Reporting Security Issues

To report security issues in Qt Products, send an email to the Security Mail List at security@qt-project.org. The Core Security Team monitors and moderates incoming emails on business days (excluding weekends). After an email is sent to the Security Mail List, receipt will be acknowledged within two business days. If there is no response, the reporter should contact the Chief Maintainer directly.

What Versions of Qt are Covered by this Policy?

While we are interested in reports against any Qt version that is still maintained, fixes are only guaranteed to be provided for:

  • The latest released version.
  • The preceding minor version.