[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed GR: State exception for security bugs in Social Contract clause 3



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2017-01-10 07:49, Lars Wirzenius wrote:
> I'm not opposed to amending the SC to say that security issues my 
> be kept private for a limited time, but I'm not sure it's worth 
> it.

This.
Hear hear.

> I especially would like to avoid anything that results in 
> nitpicking details, either during a GR or in the future, about what
> is a security issue, what is a serious issue, and what is a limited
> time, and what punishments we should have for exceeding a time
> limit.

And I do not think it's possible to remove every little corner of
these things.

SC3 says that the issues should be public promptly and I think that
"promptly" can be different time periods from case to case.
I rather not change the SC now if that means that we avoid changing
other things in it in the future. It should not be seen as a document
that needs updates first and foremost.

Some kind of background to why Sean proposed the GR from the beginning
would be nice btw, haven't worked out that yet.

- -- 
brother
http://sis.bthstudent.se
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEVlIsX3Eri6ICyZwJOIRDexPY/4sFAlh13NEACgkQOIRDexPY
/4uJ7g/+Knj+ZBM6Bs/OwmsVK7N/P1QM3V+XZdFzRLv6SZgSLK5l4qidzFWteoRi
H3GZUidBRhLHX42fVT9dkH89cKPVapFjkwf9+2f6AWsbxSxvc5fLSvEV/8s4uZmn
TX3V+M7sKRu8hesXQJsiNVdn3Nas7aR/hBm3E2w58C2sCRjbmUxncZs07Qr3dyKM
jW5Vvy97R1VFnk9TQhEe5NJsGCBAz/SrRnu/wFMUkTT07qcdQTEJcjyCzG60q48z
1248plTXcAeR3ggdTe1dHtYiIPZSKTN2AMZlHB8Q/c3LBwqBcHvhUhmhukSWPq1S
z6vkLGEMp9eK3UzXq9JP42iZ1PXEzEcaOXK/IKN/XfvUxUASAmVkwrsywS+m8lGr
weg2mfHoZDZHDhikGGC8N/WrvL+y8gdVixaj3zXq7sDZ4smDBS81+qcsqkJyVGyd
VwrYzuoJ0UGbJTLDPXR5j1QXmoRn/xWfHdofvIrVDixL4C1I5ZRBuKQPXrFOXhKT
4m1w7b7N5FWWCCQXc9tlDHjARftu4uBCsse2lvGdJCFUS2K5LwRBzkpwadAb1h+N
opcM5KkdbiClSyRWvQPxl5Elmgvy/AUqcto/P5z2+9Ry8bYgVQrIWqHJ3PdeDPY6
jGyYbdJ0V80A9jcYz1DQNJrqIOKIndZQTf9NyKNepO+a+wk4KXE=
=2QoV
-----END PGP SIGNATURE-----


Reply to: