Bug#129604: general: Social Contract: We Do Hide Problems
On Thu, Jan 17, 2002 at 11:47:09AM -0500, Sam Hartman wrote:
> OK, this time you did present an argument that we are following the
> social contract. I don't really agree with your argument; I suspect
> if I researched the term hiding, researched how most users read that
> clause of the social contract, and researched what it was intended to
> prevent then I'd find that your interpretation was neither what was
> originally intended nor what our users think we mean. Certainly I
> think your interpretation disagrees with one user's reading presented
> in the essay _In the Beginning was the Command Line_.
> However I don't actually care enough about the issue to do that
> research and present a strong case that your interpretation is
> inconsistent with the contract. Nor do I really want to ask for a
> formal interpretation from the secretary under the constitution. I'm
> happy to sit back and let others who actually feel strongly about this
> issue do the work of presenting their case, and should they fail to
> care to spend the effort either, let the issue drop.
I think most people consider "hiding" as an intent to deceive, when it
comes to security issues (the context we are discussing). While a lot of
users might consider the timeframe between discovery and announcement as
"hiding", we have to make sure they understand that their best interests
are held, and that we are not trying to deceive anyone, and that the
timeframe is not a way to "hide" vulnerabilities, but a mechanism to be
sure they are protected, prior to public knowledge.
I'm sure if it was possible to let users know about a vulnerability
before fixed packages were available, without letting the hackers know,
we would do it.
/ Ben Collins -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '