[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#129604: general: Social Contract: We Do Hide Problems

On Sat, Jan 19, 2002 at 10:24:36AM -0600, Steve Langasek wrote:
> It's one thing to keep quiet about a security hole when the information
> is already public or there's a known exploit in the wild; and there's 
> been disagreement in the past over the security team's policy in such 
> cases of waiting for the build daemons before releasing advisories.  

We should indeed reconsider that, at least when the problem is 
already widely known e.g. by a bugtraq posting. But let's discuss 
that later - we have to release a distribution!

> It's another thing to cooperate with those providing us information in 
> order to ensure they will continue to do so.

Well put. Fully agreed


Attachment: pgpQwsDtSq2RM.pgp
Description: PGP signature

Reply to: