[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#129604: general: Social Contract: We Do Hide Problems

On Sat, Jan 19, 2002 at 01:39:59PM -0500, Anthony DeRobertis wrote:
> Can't we satisfy not disclosing the vulnerability and letting 
> our users know by doing something like this:
> 	Debian has been informed of a [<<type>>] vulnerability in
> 	<<package>> [by <<someone>>]. We are preparing an updated
> 	package, which will be available from security.debian.org
> 	along with a DSA [on <<date>>].

No. If the information was given in confidence then the recipients
cannot in good conscience disclose *any* of the information. You can
argue the point with those who originated the information, but not those
who received it.

Mike Stone

Reply to: