[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New Security Build Infrastructure

>>"Sam" == Sam Hartman <hartmans@debian.org> writes:

 Stephen> This is the way it is with security, it is that way for
 Stephen> some very good reasons.  We either accept it, or we don't
 Stephen> *get* the advance notice and chance to release security
 Stephen> updates.  

 Sam> Here you argue only that it is a good idea to hide security updates,
 Sam> not that doing so is consistent with the social contract.  Not all
 Sam> right things are by their nature consistent with the particular
 Sam> document we adopted as our social contract.  While saying something is
 Sam> right is an argument that we should do it, it does not speak to
 Sam> whether that thing follows the social contract.

 Sam> It is quite possible that both hiding security updates is good and
 Sam> that doing so violates the social contract.  People believing such
 Sam> things should introduce a GR to change the social contract and allow
 Sam> hiding of security updates.

	Nice generalities, but not germane to the issue in hand.

	The way security advisories are structured, and the people who
 issue them are the ones making these rules, is that premature
 dissemination of the information shall get you excluded from the
 early warnings. That is going to be extremely detrimental to Debian

	In situations like this, one has to actually weigh the
 ramifications of both alternatives, since there are pros and cons on
 either path; selecting one con from one branch and concentrating on
 it with blinkers on to hide the rest of the issue is not quite

 "I've got children", "I've got wealth." This is the way a fool brings
 suffering on himself. He does not even own himself, so how can he
 have children or wealth? 62
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: