
Re: Proposed GR: State exception for security bugs in Social Contract clause 3



On Tuesday, January 10, 2017 04:45:36 PM Sean Whitton wrote:
> Hello,
> 
> In my original proposal e-mail, I should have said more about why I
> think this is a good idea.  My apologies for not having done so.
> 
> No-one who understands how GNU/Linux distributions work thinks that
> there is anything problematic about short-term embargos of information
> about serious security bugs.  However, the SC is not just for those
> people: it's also something for newcomers to read.
> 
> Imagine a newcomer who finds SC clause 3 very attractive: they
> particularly value transparency about development.  Then they learn that
> certain information is held in a separate, non-public bug tracker, and
> their initial enthusiasm for Debian is somewhat dampened.  If we pass
> this GR, we can avoid leaving a bad taste in that newcomer's mouth.
> That's good for Debian.
> 
> On Mon, Jan 09, 2017 at 11:51:37PM -0500, Scott Kitterman wrote:
> > What is the definition of serious and what is the definition of
> > limited?
> 
> Intentionally not specified, so that it's left up to the judgement of
> those implementing the social contract (i.e. the current body of
> developers, esp. the security team).
> 
> The SC is full of words that work like this.

Yes, but all your proposed GR does is move the problem one definition to the 
right.  Are you aware of any newcomers that have been negatively affected this 
way?

Scott K
