
Re: GR Proposal: Declassification of -private



* Anthony Towns <aj@azure.humbug.org.au> [051115 03:12]:
> In accordance with principles of openness and transparency, Debian will
> seek to declassify and publish posts of historical or ongoing significance
> made to the Debian Private Mailing List.
> [...]
>   * The team will automatically declassify and publish posts made to
>     that list after three years, with the following exceptions:
                      =====
>[...]
>     - publication of posts that would reveal otherwise unpublished
>       security vulnerabilities in currently supported releases of a
>       Debian distribution will be deferred;

Are you serious?

If some such mail found its way to debian-private, it should be
considered published to all blackhats by that action already. (As it
will be sent unencrypted in several hundred copies over the internet,
lying around unencrypted in several hundred mailboxes, ...)

In the event of such a mail, everything should be done to declassify it
immediately. 

Such a point in such a list is a very bad joke, as it could be read
that:
 - such a mail should not be published
 - there are such mails
or even
 - there are such mails still describing something open 3 years later.

	Bernhard R. Link


