More silly Social Contract debate

To: debian-devel <debian-devel@lists.debian.org>
Subject: More silly Social Contract debate
From: Steve Langasek <vorlon@netexpress.net>
Date: Wed, 19 Jun 2002 10:10:41 -0500
Message-id: <[🔎] 20020619151041.GA4275@netexpress.net>
Mail-followup-to: debian-devel <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 20020619120801.GA614@topic.com.au>
References: <20020608082646.GA14111@azure.humbug.org.au> <[🔎] 87vg8to3ng.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020608215616.GA22045@clothcat.demon.co.uk> <[🔎] 87y9dbpucs.fsf@CERT.Uni-Stuttgart.DE> <[🔎] 20020619081258.GD31052@azure.humbug.org.au> <[🔎] 20020619111347.GB11626@topic.com.au> <[🔎] 20020619114205.GA5485@azure.humbug.org.au> <[🔎] 20020619120801.GA614@topic.com.au>

On Wed, Jun 19, 2002 at 10:08:01PM +1000, Jason Thomas wrote:

> > 	3. We Won't Hide Problems

> > 	We will keep our entire bug-report database open for public view
> > 	at all times. Reports that users file on-line will immediately
> > 	become visible to others.

> > The heading that you claim to be misunderstanding seems pretty well
> > explained by the text underneath to me.
> Do we take the text underneath to be the exactly what is meant by the
> title.

Suppose I'm fired from my job, in a scenario so messy that I'll never
work in the tech industry again; and I have to take up construction work
in order to keep my bills paid, leaving me no money for a good Internet
connection and no time for package work.  I post to debian-private,
announcing that I'm orphaning all my packages and explaining why, but
ask that the details of the matter be kept confidential.

Is this a "problem"?  Do developers have an obligation under the social
contract to disclose this information in spite of my request?

If the text of point 3 is not taken as definitive, why would you draw a
line between hiding personal problems of developers, and hiding problems
in software that you are only aware of in the first because you've
agreed to not disclose it?  Isn't any such line arbitrary if you draw it
anywhere other than where the text of point 3 puts it?

> I think its fair to assume it is a guideline and nothing more.

If the whole thing is a guideline, that implies that developers have
some latitude in deciding how to interpret it; and no serious claim can
therefore be made against the security team based on point 3, because
their interpretation can be no less valid than anyone else's.  So if you
have substantive reasons why you believe that the *actions* of
developers in this regard are harmful, please present them.  If you
believe their actions are correct but the Social Contract is wrong,
please explain why your interpretation of the Social Contract is more
authoritative than the one everyone involved has been operating under.

Steve Langasek
postmodern programmer

Attachment: pgpcMLFoVX62L.pgp
Description: PGP signature

Reply to:

References:
- Re: The New Security Build Infrastructure
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: The New Security Build Infrastructure
  - From: Stephen Stafford <stephen@clothcat.demon.co.uk>
- Re: The New Security Build Infrastructure
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
- Re: The New Security Build Infrastructure
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: The New Security Build Infrastructure
  - From: Jason Thomas <jason@debian.org>
- Re: The New Security Build Infrastructure
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: The New Security Build Infrastructure
  - From: Jason Thomas <jason@debian.org>

Prev by Date: Re: The New Security Build Infrastructure
Next by Date: Re: The New Security Build Infrastructure
Previous by thread: Re: The New Security Build Infrastructure
Next by thread: Re: The New Security Build Infrastructure
Index(es):
- Date
- Thread