Re: Debian Social Contract.
On Wed, Jan 16, 2002 at 07:15:09PM -0600, T.J. Duchene wrote:
> Please excuse my appearing to barge in, as I am not yet a member of the
> Debian Project, but it seems to me that the "no hide" part of the Debian
> Contract is a statement of principle.
>
> It should be honored. By not honoring it, developers take the risk of
> damaging Debian's reputation. If a security hole endangers machines,
> everyone needs to know, because I can assure you that the kind of people who
> take advantage of them do not keep the secret from each other - often posting
> holes publicly for others to see.
>
> If Debian doesn't post these promptly, and people get the information some
> place else - thinking:
What makes you think Debian hides these things? We do no such thing. We
post security updates to security-announce, and announce on many
full-disclosure sites as well.
Ben
--
.----------=======-=-======-=========-----------=====------------=-=-----.
/ Ben Collins -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'