Re: The New Security Build Infrastructure

To: debian-devel@lists.debian.org
Subject: Re: The New Security Build Infrastructure
From: Manoj Srivastava <srivasta@debian.org>
Date: Mon, 10 Jun 2002 14:21:10 -0500
Message-id: <[🔎] 87zny3kkih.fsf@glaurung.green-gryphon.com>
In-reply-to: <[🔎] 87bsakthj9.fsf@luminous.mit.edu> (Sam Hartman's message of "Sun, 09 Jun 2002 14:48:26 -0400")
References: <20020608082646.GA14111@azure.humbug.org.au> <[🔎] 87vg8to3ng.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020608215616.GA22045@clothcat.demon.co.uk> <[🔎] 87bsakthj9.fsf@luminous.mit.edu>

>>"Sam" == Sam Hartman <hartmans@debian.org> writes:


 Stephen> This is the way it is with security, it is that way for
 Stephen> some very good reasons.  We either accept it, or we don't
 Stephen> *get* the advance notice and chance to release security
 Stephen> updates.  

 Sam> Here you argue only that it is a good idea to hide security updates,
 Sam> not that doing so is consistent with the social contract.  Not all
 Sam> right things are by their nature consistent with the particular
 Sam> document we adopted as our social contract.  While saying something is
 Sam> right is an argument that we should do it, it does not speak to
 Sam> whether that thing follows the social contract.

 Sam> It is quite possible that both hiding security updates is good and
 Sam> that doing so violates the social contract.  People believing such
 Sam> things should introduce a GR to change the social contract and allow
 Sam> hiding of security updates.

	Nice generalities, but not germane to the issue in hand.

	The way security advisories are structured, and the people who
 issue them are the ones making these rules, is that premature
 dissemination of the information shall get you excluded from the
 early warnings. That is going to be extremely detrimental to Debian
 users. 

	In situations like this, one has to actually weigh the
 ramifications of both alternatives, since there are pros and cons on
 either path; selecting one con from one branch and concentrating on
 it with blinkers on to hide the rest of the issue is not quite
 productive. 

	manoj
-- 
 "I've got children", "I've got wealth." This is the way a fool brings
 suffering on himself. He does not even own himself, so how can he
 have children or wealth? 62
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: The New Security Build Infrastructure
  - From: "Joel Baker" <lucifer@lightbearer.com>

References:
- Re: The New Security Build Infrastructure
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: The New Security Build Infrastructure
  - From: Stephen Stafford <stephen@clothcat.demon.co.uk>
- Re: The New Security Build Infrastructure
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Re: Galeon and Mozilla in woody have security issues
Next by Date: Re: The New Security Build Infrastructure
Previous by thread: Re: The New Security Build Infrastructure
Next by thread: Re: The New Security Build Infrastructure
Index(es):
- Date
- Thread