[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#129604: general: Social Contract: We Do Hide Problems



* Anthony DeRobertis <asd@suespammers.org> [020119 13:09]:
> Can't we satisfy not disclosing the vulnerability and letting 
> our users know by doing something like this:
> 
> 	Debian has been informed of a [<<type>>] vulnerability in

I only advise that this happens IF and ONLY IF those alerting multiple
vendors says it is ok, and IF and ONLY IF it gets put out on widely used
channels, in a context not debian specific.  (bugtraq, for instance)

If we just warn debian users, we do a disservice to other vendors.

If we warn without asking, we will never find out in advance from anyone
anymore, and our users will be worse off.

-- 
Scott Dier <dieman@ringworld.org> http://www.ringworld.org/

the desire for space travel is a metaphor for escape

Attachment: pgp6kMHKDD1rK.pgp
Description: PGP signature


Reply to: