Re: Proposed GR: State exception for security bugs in Social Contract clause 3
On 14549 March 1977, Sean Whitton wrote:
> No-one who understands how GNU/Linux distributions work thinks that
> there is anything problematic about short-term embargos of information
> about serious security bugs. However, the SC is not just for those
> people: it's also something for newcomers to read.
> Imagine a newcomer who finds SC clause 3 very attractive: they
> particularly value transparency about development. Then they learn that
> certain information is held in a separate, non-public bug tracker, and
> their initial enthusiasm for Debian is somewhat dampened. If we pass
> this GR, we can avoid leaving a bad taste in that newcomer's mouth.
> That's good for Debian.
Is there really anyone like this? And dampened by how much, when
thinking about it?
Also, this is IMO nothing for a foundational document. But some docs
around it as explanation on how real world handles things.
Adding something like this opens a wormhole of "lets add this extra
condition here" "and hey, this little one there too" and gets the
document from a nice simple "thats it" to a murky "its this, but
sometimes that, and other times this" and end up with a hell where you
can avoid everything because the definition gets too mushy.
Right now its plain simple and one has to have a real good reason to go
around it, which is why its only embargoed security stuff, time limited,
that does.
--
bye, Joerg
Reply to: