Proposed GR: State exception for security bugs in Social Contract clause 3


In my original proposal e-mail, I should have said more about why I
think this is a good idea.  My apologies for not having done so.

No one who understands how GNU/Linux distributions work thinks that
there is anything problematic about short-term embargoes of information
about serious security bugs.  However, the SC is not just for those
people: it's also something for newcomers to read.

Imagine a newcomer who finds SC clause 3 very attractive: they
particularly value transparency about development.  Then they learn that
certain information is held in a separate, non-public bug tracker, and
their initial enthusiasm for Debian is somewhat dampened.  If we pass
this GR, we can avoid leaving a bad taste in that newcomer's mouth.
That's good for Debian.

On Mon, Jan 09, 2017 at 11:51:37PM -0500, Scott Kitterman wrote:
> What is the definition of serious and what is the definition of
> limited?

Intentionally not specified, so that it's left up to the judgement of
those implementing the social contract (i.e. the current body of
developers, esp. the security team).

The SC is full of words that work like this.

Sean Whitton

