also sprach Joey Hess <email@example.com> [2004.12.18.0454 +0100]: > > Look no further than the security team... your policy (on > > critical bugs) is to hide information unless you have reason to > > make them public. Why should other parts of Debian do it the > > other way around? > > I don't think that's true, It is, and it's called "responsible disclosure". > and if it were, I think it would be a problem, Please do not suggest "full disclosure" instead. There are plenty of good reasons for the way Debian does it. > and trying to use it to justify deny-by-default is absurd when > there are so many other good reasons to use that technique. I give you this. When I wrote the post I must have been sucked dry from all the talk on IRC. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <firstname.lastname@example.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Description: Digital signature