Re: Proposal G

To: Andreas Barth <aba@not.so.argh.org>
Cc: debian-vote@lists.debian.org
Subject: Re: Proposal G
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 03 Jun 2004 21:36:57 +0200
Message-id: <[🔎] 87wu2o1lie.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20040603085732.GC28818@mails.so.argh.org> (Andreas Barth's message of "Thu, 3 Jun 2004 10:57:32 +0200")
References: <20040428014134.GA23222@quetzlcoatl.dodds.net> <20040505120639.GA16587@suffields.me.uk> <[🔎] 20040601081915.GC28475@mails.so.argh.org> <[🔎] 87fz9eqvaj.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 8765a94fcz.fsf@deneb.enyo.de> <[🔎] 87wu2p70ks.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20040603085732.GC28818@mails.so.argh.org>

* Andreas Barth:

> Actually, we hide security bugs. Of course not, if they are filled
> into the bts, but we hide them if they are sent to team@security.
> Please don't misunderstand me; I think the current approach is the
> right one, but with literal reading SC #3 is tangled (and I know that
> Florian disagrees with me here).

Just for the record, because opinions sometimes change over time: I
see this particular case as a mere example where we must somehow
balance one goal expressed in the SC against another, conflicting one.
I think it's important to realize that the SC does not automatically
offer a clear-cut answer to every complex question.

Furthermore, I do no longer closely follow developments in
vulnerability handling.  I simply do not know if vendor-sec is playing
into the hands of commercial vulnerability resellers such as CERT/CC /
US-CERT / Internet Security Alliance, OIS, SecurityFocus / Symantec
and so on (those companies who do have a public BTS which incurs a
noticeable publication delay, to protect their business interests more
than their users' interests).

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com,
jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.

Reply to:

References:
- Proposal G (was: Proposal - Deferment of Changes from GR 2004-003)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: Proposal G
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Proposal G
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: Proposal G
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Proposal G
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Re: _Our_ resolution merely affirms the status quo
Next by Date: Re: Proposal G
Previous by thread: Re: Proposal G
Next by thread: Re: Proposal - Deferment of Changes from GR 2004-003
Index(es):
- Date
- Thread