On Mon, Apr 26, 2004 at 10:48:50PM +0200, Florian Weimer wrote:
> Manoj Srivastava <srivasta@debian.org> writes:
> > We have, often, failed to follow the social contract in the
> > past, though this was the first wilful violation I recall.
> Non-communication of security bugs (and the supporting infrastructure)
> is at the border of a SC violation, too.
> The Social Contract has not just one clause, and it might be necessary to
> weigh one against the other (as we do with security bugs).
Uh, no, it's not. We have paragraphs under the headings for a reason:

    3. We Won't Hide Problems

    We will keep our entire bug-report database open for public view at all
    times. Reports that users file on-line will immediately become visible
    to others.

We do keep our entire bug-report database open for public view; and
reports that users file are immediately visible to others. This clause
isn't violated by the security team's practices, and there aren't any
"weighings" being made.

Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
Don't assume I speak for anyone but myself. GPG signed mail preferred.
Protect Open Source in Australia from over-reaching changes to IP law
http://www.petitiononline.com/auftaip/ & http://www.linux.org.au/fta/