On Mon, Apr 26, 2004 at 10:48:50PM +0200, Florian Weimer wrote:
> Manoj Srivastava <srivasta@debian.org> writes:
> > We have, often, failed to follow the social contract in the
> > past, though this was the first wilful violation I recall.
> Non-communication of security bugs (and the supporting infrastructure)
> is at the border of a SC violation, too.
> The Social Contract has not just one clause, and might be necessary to
> weigh one against the other (as we do with security bugs).

Uh, no, it's not. We have paragraphs under the headings for a reason:

    3. We Won't Hide Problems

    We will keep our entire bug-report database open for public view
    at all times. Reports that users file on-line will immediately
    become visible to others.

We do keep our entire bug-report database open for public view; and
reports that users file are immediately visible to others. This clause
isn't violated by the security team's practices, and there aren't any
"weighings" being made.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
Don't assume I speak for anyone but myself. GPG signed mail preferred.

Protect Open Source in Australia from over-reaching changes to IP law
http://www.petitiononline.com/auftaip/ & http://www.linux.org.au/fta/