[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed GR: State exception for security bugs in Social Contract clause 3


On Fri, Jan 13, 2017 at 11:38:25AM -0600, Gunnar Wolf wrote:
> Of course, I take it as my fault (maybe because I recognized Sean as
> quite active already in the project, overestimating his grip of our
> common practices and general views) that I didn't give enough
> background on similar experiences we had in the past (i.e. the long
> flamefest¹ that followed "Editorial amendments"² and that quite
> clearly delayed Sarge for over a year), which in turn explain why our
> community views GRs as something that should be very sparingly used.

For the record, I do not take Gunnar to be at any fault here.  However,
it is true that had Gunnar not expected my GR to be uncontroversial, I
probably wouldn't have proposed it.

While I stand by my GR in principle, I agree with those who have said
that it is not worth spending time on something like this unless it's
going to pass without opposition.  Since this GR /has/ turned out to be
quite controversial, I hereby withdraw it.

> Now, the arguments that have been given so far regarding this topic
> are strong, and I do think I should have thought better my answers as
> an AM. I did feel a moral obligation to answer to this thread. I
> understand Sean must be frustrated by the lack of empathy to his drive
> for correcting reality impedance; maybe it should not be via an
> amendment to a foundation document, but by prominently enough
> (somebody please define "enough") clearly documenting that we adhere
> to reasonable embargo disclosure guidelines, such as the one mentioned
> by Russ.

I just created this: https://wiki.debian.org/SocialContractFAQ

My understanding of the policy that Russ linked to was that the security
team are de facto bound to that policy because all the other distros are
following it.  Is that right?  If so, it could be added to the new FAQ.

After some polishing, maybe the WWW team could add a link to the new FAQ
from the Social Contract itself.  That would adequately respond to the
reasons I had for proposing this GR: a newcomer who was particularly
concerned about transparency would soon find their way to this page.

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: