[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Jan 10, 2017 at 08:49:56AM +0200, Lars Wirzenius wrote:
> Now, it's true that we track security issues in a different, and
> it's private, which is in contradiction to what the social contract
> says:

It's also a service to our users and free software, so not doing it is also in
conflict with the SC.  Such conflicts are not unusual.  AFAIK we solve them by
deciding which is more important in this situation and doing that.

I do not think the SC needs to contain details on how that decision should be
made for every case.  As stated, this case seems to be a non-problem and I
would prefer to not solve it.

Thanks,
Bas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJYdIcqAAoJEJzRfVgHwHE6m2MP/jJ19gs3x8XSjgxt/8trhOH3
xd5MDQql5kEfV5UGEv3DZVVh3xj9MiKicRBSsm1c+zPIg7CwBHwSfAP3Ujj+2CkP
YA/TRPvYANzopRuv7VzQ8V1vz9dTZ/WWpkQQZHmx/rLe6sY59W9UBWNbTnb8STAz
nY/r3ZOr0fadsd3nL34Cx9psA+Iz74tIi9a8TsNkzl2GTDgqvXFk9jyHpHmbKyG6
geUE+3ZVWRzZ2S72fFZWA8ZWVngtlhDLPp0mcxyG9+1dr8KsrQNs+/9Asho36tfP
gyjwsb96QSRlv+C93MyaRk/G+OO23Mev4/s4AspuykVt6N/2XZG2SZs20ODoCHd0
odzXV72Dcl50Het3HYd3dCLWs1N/n6Kdc5leFrXZ6757wQjB28bZLuZ1DG6ENfwM
CIdgnPu5pn33tXPVt5k9b0TtJrNoc1FFC9pO7q5fr42BMGwJkj3T3uIRAX8twNwV
lBb12vNP3vRLUIPtSZpFrw007sWjiD+JVHz8YYT1zHA6mjouMlvLtm7ZapizafCD
OBEYIswI9uaqUA5buBbnWnf9kuSFlcJVVIf2O7EHcuRAwuqVU50eeLULSKxXwJRt
wHydafcx/4Y9Ef70lasaI6YFqWVUSw2tnT5N5DDNof9QHfceRwSc+kPggo1nWDFL
PvW26j7mfRb0qsiBYbpi
=dOVD
-----END PGP SIGNATURE-----
Reply to: