Re: Proposal for *Real* Declassification of debian-private archives
Florian Weimer <fw@deneb.enyo.de>
> I also worry about security reports that include personally
> identifiable information, trade (business?) secrets or copyrighted
> material, which are not really relevant to the bug itself, but were
> sent in with the expectation that this was a typical vendor security
> contact. Publishing such things might get Debian into legal trouble,
> especially if the publication was not requested by the original
> author.
Nearly all messages sent to debian-private are covered by copyright
and I think republishing any such past message could get Debian into
legal trouble, in general, unless there's explicit permission from its
author. If someone has a good global argument against that, please post
it here and/or the debian-legal thread. ("Fair use" is somewhat
variable globally.)
I've not thought much about trade secrets and privacy laws. Can someone
explain how they cause problems, please?
All in all, it looks like redefining -private to have no privacy
would be evil, bad and wrong. It would still be good to see a
team trying to publish the stuff that shouldn't be on there or
that is public interest, but that can happen without a policy
change GR.
--
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct
Reply to: