mirror of
http://code.qt.io/yocto/meta-qt6.git
synced 2026-01-01 13:58:07 +00:00
Add details about Qt Project security policy. The SECURITY.md file is now required by the yocto-check-layer script.

Pick-to: 6.9 6.8
Change-Id: Icbcd63bb15c0d106b1bde4c2b9c43aebe1031797
Reviewed-by: Mikko Gronoff <mikko.gronoff@qt.io>
Reviewed-by: Inkamari Harjula <inkamari.harjula@qt.io>
Reviewed-by: Ari Parkkila <ari.parkkila@qt.io>

27 lines
1.5 KiB
Markdown
Qt Project Security Policy
==========================

The Qt Project specifies its security policy in [QUIP 15](https://contribute.qt-project.org/quips/15). A summary of the security policy:

* Qt has a Core Security Team that enforces the security policy and addresses issues.
* Proactive measures to prevent security issues - code reviews, code analysis, fuzz testing, and so on.
* Reporting Security Issues: the Core Security Team monitors security issues for Qt modules and affected third-party components.
* Handling Security Issues: the maintainers, Core Security Team, Chief Maintainer, and the Qt Company share and handle security issues.
* Disclosure of confirmed security issues in the Common Vulnerabilities and Exposures database and a public announcement to the Qt announce@qt-project.org mailing list.

Reporting Security Issues
-------------------------

To report security issues in Qt Products, send an email to the Security Mail List at security@qt-project.org.
The Core Security Team monitors and moderates incoming emails on business days (excluding weekends).
After sending an email to the Security Mail List, there will be an acknowledgment of receipt within
two business days. If there is no response, then the reporter should contact the Chief Maintainer directly.

What Versions of Qt are Covered by this Policy?
-----------------------------------------------

While we are interested in reports against any Qt version that is still maintained, fixes are only guaranteed to be provided for:

* The latest released version.
* The preceding minor version.