[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /var/log on Debian systems

also sprach Joey Hess <joeyh@debian.org> [2004.12.18.0454 +0100]:
> > Look no further than the security team... your policy (on
> > critical bugs) is to hide information unless you have reason to
> > make them public. Why should other parts of Debian do it the
> > other way around?
> I don't think that's true,

It is, and it's called "responsible disclosure".

> and if it were, I think it would be a problem, 

Please do not suggest "full disclosure" instead. There are plenty of
good reasons for the way Debian does it.

> and trying to use it to justify deny-by-default is absurd when
> there are so many other good reasons to use that technique.

I give you this. When I wrote the post I must have been sucked dry
from all the talk on IRC.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: