
Re: Proposed GR: State exception for security bugs in Social Contract clause 3



On 14549 March 1977, Sean Whitton wrote:
> No-one who understands how GNU/Linux distributions work thinks that
> there is anything problematic about short-term embargos of information
> about serious security bugs.  However, the SC is not just for those
> people: it's also something for newcomers to read.

> Imagine a newcomer who finds SC clause 3 very attractive: they
> particularly value transparency about development.  Then they learn that
> certain information is held in a separate, non-public bug tracker, and
> their initial enthusiasm for Debian is somewhat dampened.  If we pass
> this GR, we can avoid leaving a bad taste in that newcomer's mouth.
> That's good for Debian.

Is there really anyone like this? And dampened by how much, when
thinking about it?

Also, this is IMO nothing for a foundational document. But some docs
around it as explanation on how the real world handles things.

Adding something like this opens a wormhole of "let's add this extra
condition here" "and hey, this little one there too" and gets the
document from a nice simple "that's it" to a murky "it's this, but
sometimes that, and other times this" and end up with a hell where you
can avoid everything because the definition gets too mushy.

Right now it's plain simple and one has to have a real good reason to go
around it, which is why it's only embargoed security stuff, time limited,
that does.

-- 
bye, Joerg

