
Bug#129604: general: Social Contract: We Do Hide Problems



>>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:

    Ben> On Thu, Jan 17, 2002 at 11:22:34AM -0500, Sam Hartman wrote:
    >> >>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:
    >> 
    Ben> You are misunderstanding two different circumstances.
    Ben> Security alerts happen in two different ways:
    >>
    Ben> 1) The Author/Vendor/Security-Group discovers the
    Ben> vulnerability in a closed situation. They want the
    Ben> distribution vendors to have a chance to fix before making
    Ben> the vulnerability known. So they cooperate. This is good, not
    Ben> only for the distro vendors, but for their users.
    >>  I understand this circumstance fine.  Saying that it exists
    >> and even saying that it is ideal does not mean that it is
    >> consistent with the social contract.
    >> 
    >> I think this bug points out a real variance between the social
    >> contract and what we actually do.  You have not said anything
    >> that presents an argument against this position.  You have
    >> simply proposed that the current practice rather than the
    >> social contract is to be desired.
    >> 
    >> Perhaps you as DPL should introduce a resolution to fix the
    >> social contract if you believe that the current practice for
    >> incident type 1 is correct.  You could probably even convince
    >> me to second such a GR.

    Ben> I think you are confusing "hiding" with "good
    Ben> judgement". Hiding means keeping it secret for extended,
    Ben> unwarranted periods for no other reason than to give the
    Ben> appearance that there is no problem. 

OK, this time you did present an argument that we are following the
social contract.  I don't really agree with your argument; I suspect
if I researched the term hiding, researched how most users read that
clause of the social contract, and researched what it was intended to
prevent then I'd find that your interpretation was neither what was
originally intended nor what our users think we mean.  Certainly I
think your interpretation disagrees with one user's reading presented
in the essay _In the Beginning was the Command Line_.

However I don't actually care enough about the issue to do that
research and present a strong case that your interpretation is
inconsistent with the contract.  Nor do I really want to ask for a
formal interpretation from the secretary under the constitution.  I'm
happy to sit back and let others who actually feel strongly about this
issue do the work of presenting their case, and should they fail to
care to spend the effort either, let the issue drop.

--Sam


