Re: The New Security Build Infrastructure

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: The New Security Build Infrastructure
From: Anthony Towns <aj@azure.humbug.org.au>
Date: Wed, 19 Jun 2002 23:52:17 +1000
Message-id: <[🔎] 20020619135217.GB7112@azure.humbug.org.au>
Mail-followup-to: debian-devel <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 20020619120801.GA614@topic.com.au>
References: <20020608082646.GA14111@azure.humbug.org.au> <[🔎] 87vg8to3ng.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020608215616.GA22045@clothcat.demon.co.uk> <[🔎] 87y9dbpucs.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020619081258.GD31052@azure.humbug.org.au> <[🔎] 20020619111347.GB11626@topic.com.au> <[🔎] 20020619114205.GA5485@azure.humbug.org.au> <[🔎] 20020619120801.GA614@topic.com.au>

On Wed, Jun 19, 2002 at 10:08:01PM +1000, Jason Thomas wrote:
> > Have you read the social contract, btw? It says:
> Its part of becoming a debian developer, although I'd forgotten what it
> exactly says.

Sure, so had I, that's why I looked at it again to make sure I knew
what I was talking about. /usr/doc/debian/social-contract.txt from the
doc-debian package for reference.

> > 	3. We Won't Hide Problems
> > 	We will keep our entire bug-report database open for public view
> > 	at all times. Reports that users file on-line will immediately
> > 	become visible to others.
> > The heading that you claim to be misunderstanding seems pretty well
> > explained by the text underneath to me.
> Do we take the text underneath to be the exactly what is meant by the
> title.

Seems like a fairly reasonable thing to do to me.

The security issue thing isn't the only alternative interpretation of
that heading. You could also take it as a statement of intent not to work
around problems, for example not to use stackguard or firewalling tools
to hide buffer overruns or buggy servers. I'd expect just about any short
heading like that to cover any of at least a handful of different topics.

> But as for greping available to see if someones suggeston/comment is
> worthy, thats just stupid. Users don't have to be developers, and they
> have every right to make suggestions. I was always told the only dumb
> question is the one you don't ask.

Certainly. I find it helpful to know whether people who join debian-devel
and complain about how "we're" doing things is actually one of us,
or not.  Since everyone who subscribes to Debian's goals is welcome to
join in and help out, I personally don't give much weight to people who
aren't willing to do that but who think they're opinion alone is enough
to justify any amount of effort on any number of other people's behalf.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``BAM! Science triumphs again!'' 
                    -- http://www.angryflower.com/vegeta.gif

Attachment: pgpTbMHfZpwjJ.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: The New Security Build Infrastructure
  - From: Branden Robinson <branden@debian.org>

References:
- Re: The New Security Build Infrastructure
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: The New Security Build Infrastructure
  - From: Stephen Stafford <stephen@clothcat.demon.co.uk>
- Re: The New Security Build Infrastructure
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: The New Security Build Infrastructure
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: The New Security Build Infrastructure
  - From: Jason Thomas <jason@debian.org>
- Re: The New Security Build Infrastructure
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: The New Security Build Infrastructure
  - From: Jason Thomas <jason@debian.org>

Prev by Date: Re: The New Security Build Infrastructure
Next by Date: Re: SuSE, Caldera, Connectiva and TurboLinux to do a new distribution togerther?
Previous by thread: Re: The New Security Build Infrastructure
Next by thread: Re: The New Security Build Infrastructure
Index(es):
- Date
- Thread