Bug#129604: general: Social Contract: We Do Hide Problems

To: Ben Collins <bcollins@debian.org>, 129604@bugs.debian.org
Cc: "David N. Welton" <davidw@dedasys.com>, Sam Hartman <hartmans@debian.org>, Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Subject: Bug#129604: general: Social Contract: We Do Hide Problems
From: Anthony DeRobertis <asd@suespammers.org>
Date: Sat, 19 Jan 2002 13:39:59 -0500
Message-id: <[🔎] F1589260-0D0B-11D6-BBF8-00039355CFA6@suespammers.org>
Reply-to: Anthony DeRobertis <asd@suespammers.org>, 129604@bugs.debian.org
In-reply-to: <[🔎] 20020117180451.GS5977@blimpo.internal.net>

Can't we satisfy not disclosing the vulnerability and lettingour users know by doing something like this:


	Debian has been informed of a [<<type>>] vulnerability in
	<<package>> [by <<someone>>]. We are preparing an updated
	package, which will be available from security.debian.org
	along with a DSA [on <<date>>].

	To the best of our knowledge, this is not being exploited
	in the wild. However, you are cautioned to take reasonable
	precautions, such as not using <<package>> if not needed.

This way, we don't release the details to the bad guy. We doalert our users to be on the lookout.


And we're certainly not hiding our problems, by any stretch of the word.

Reply to:

Follow-Ups:
- Bug#129604: general: Social Contract: We Do Hide Problems
  - From: Scott Dier <dieman@ringworld.org>
- Bug#129604: general: Social Contract: We Do Hide Problems
  - From: Michael Stone <mstone@debian.org>

References:
- Bug#129604: general: Social Contract: We Do Hide Problems
  - From: Ben Collins <bcollins@debian.org>

Prev by Date: Re: [kde] setting an /opt precedent
Next by Date: Re: Will woody ever become stable?
Previous by thread: Bug#129604: general: Social Contract: We Do Hide Problems
Next by thread: Bug#129604: general: Social Contract: We Do Hide Problems
Index(es):
- Date
- Thread