Hello, In my original proposal e-mail, I should have said more about why I think this is a good idea. My apologies for not having done so. No-one who understands how GNU/Linux distributions work thinks that there is anything problematic about short-term embargos of information about serious security bugs. However, the SC is not just for those people: it's also something for newcomers to read. Imagine a newcomer who finds SC clause 3 very attractive: they particularly value transparency about development. Then they learn that certain information is held in a separate, non-public bug tracker, and their initial enthusiasm for Debian is somewhat dampened. If we pass this GR, we can avoid leaving a bad taste in that newcomer's mouth. That's good for Debian. On Mon, Jan 09, 2017 at 11:51:37PM -0500, Scott Kitterman wrote: > What is the definition of serious and what is the definition of > limited? Intentionally not specified, so that it's left up to the judgement of those implementing the social contract (i.e. the current body of developers, esp. the security team). The SC is full of words that work like this. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature