On Monday, January 09, 2017 07:08:19 PM Sean Whitton wrote: > === BEGIN GR TEXT === > > Title: State exception for security bugs in Social Contract clause 3 > > 1. Debian has a longstanding practice of sharing information about > serious security bugs with only the security team. This is so that > they can co-ordinate release of the information with other vendors. > > 2. The third clause of our Social Contract says that "We will not hide > problems." However, the practice of embargoing information about > serious security bugs could be seen as the hiding of problems. > > 3. Resolve to append the following to clause 3 of the Social Contract: > > An exception is made for serious security problems. Information > about these may be kept confidential for a limited period of time, > so that a release of information may be co-ordinated with other > vendors. > > === END GR TEXT === What is the definition of serious and what is the definition of limited? Scott K
Attachment:
signature.asc
Description: This is a digitally signed message part.