Debian Social Contract.
Please excuse my appearing to barge in, as I am not yet a member of the
Debian Project, but it seems to me that the "no hide" part of the Debian
Contract is a statement of principle.
It should be honored. By not honoring it, developers take the risk of
damaging Debian's reputation. If a security hole endangers machines,
everyone needs to know, because I can assure you that the kind of people who
take advantage of them do not keep the secret from each other - often posting
holes publicly for others to see.
If Debian doesn't post these promptly, and people get the information some
place else - thinking:
1. Debian isn't checking them out, or is slow to respond.
2. Or that Debian doesn't care.
3. Worst of all, that they are being buried deliberately.
Granted, this is my opinion.
Thanks,
T.J. Duchene