Bug#129604: general: Social Contract: We Do Hide Problems

Scott Dier writes:
> I only advise that this happens IF and ONLY IF those alerting multiple
> vendors say it is ok,

I agree. We don't want to be left out in the cold. If a consensus could be obtained in the security community then we can make it standing, documented Debian policy.

> and IF and ONLY IF it gets put out on widely used
> channels, in a context not Debian specific. (bugtraq, for instance)
> If we just warn Debian users, we do a disservice to other vendors.

I don't see why. If other vendors keep their users in the dark when they don't have to (i.e., alerting party says 'there is a bug' notification is OK), then they are doing their own users a disfavor. Of course, quite a few DSAs go to bugtraq anyway, so these alerts might too.

