On Wed, Jun 19, 2002 at 10:08:01PM +1000, Jason Thomas wrote: > > 3. We Won't Hide Problems > > We will keep our entire bug-report database open for public view > > at all times. Reports that users file on-line will immediately > > become visible to others. > > The heading that you claim to be misunderstanding seems pretty well > > explained by the text underneath to me. > Do we take the text underneath to be the exactly what is meant by the > title. Suppose I'm fired from my job, in a scenario so messy that I'll never work in the tech industry again; and I have to take up construction work in order to keep my bills paid, leaving me no money for a good Internet connection and no time for package work. I post to debian-private, announcing that I'm orphaning all my packages and explaining why, but ask that the details of the matter be kept confidential. Is this a "problem"? Do developers have an obligation under the social contract to disclose this information in spite of my request? If the text of point 3 is not taken as definitive, why would you draw a line between hiding personal problems of developers, and hiding problems in software that you are only aware of in the first because you've agreed to not disclose it? Isn't any such line arbitrary if you draw it anywhere other than where the text of point 3 puts it? > I think its fair to assume it is a guideline and nothing more. If the whole thing is a guideline, that implies that developers have some latitude in deciding how to interpret it; and no serious claim can therefore be made against the security team based on point 3, because their interpretation can be no less valid than anyone else's. So if you have substantive reasons why you believe that the *actions* of developers in this regard are harmful, please present them. If you believe their actions are correct but the Social Contract is wrong, please explain why your interpretation of the Social Contract is more authoritative than the one everyone involved has been operating under. Steve Langasek postmodern programmer
Attachment:
pgpcMLFoVX62L.pgp
Description: PGP signature