Re: Proposed GR: State exception for security bugs in Social Contract clause 3

To: debian-vote@lists.debian.org
Subject: Re: Proposed GR: State exception for security bugs in Social Contract clause 3
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Sun, 15 Jan 2017 13:15:18 -0700
Message-id: <[🔎] 20170115201518.uwkblvztaq2jmogn@iris.silentflame.com>
In-reply-to: <[🔎] 85pojpsyq5.fsf@benfinney.id.au> <[🔎] 0bd3fda4-1a6b-0bd3-36c9-28674a435822@debian.org> <[🔎] 1484383720.3883.64.camel@debian.org> <[🔎] 87k29yju6u.fsf@hope.eyrie.org>

Thank you to Russ and Ben for the encouragement!

On Sat, Jan 14, 2017 at 08:48:40AM +0000, Ian Campbell wrote:
> You should read up on Coordinated (or Responsible) Disclosure vs. Full
> Disclosure (not an uncontroversial topic in itself), the choice of
> which one is used for a given bug is usually the choice of the
> person/organisation who _discovers_ the issue.
> [...]

On Sat, Jan 14, 2017 at 11:47:17AM +0100, Emilio Pozuelo Monfort wrote:
> Maybe there should be a note about how we handle embargoed vulnerabilities here:
> 
> https://www.debian.org/security/faq

Thanks for reminding me about that existing FAQs page.  I think that
Ian's e-mail, suitably edited, would be a great addition if both Ian and
the security team agreed.  It could then be linked to from my new
SocialContractFAQ page on the wiki.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Re: Proposed GR: State exception for security bugs in Social Contract clause 3
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Proposed GR: State exception for security bugs in Social Contract clause 3
Next by Date: Re: Proposed GR: State exception for security bugs in Social Contract clause 3
Previous by thread: Re: Proposed GR: State exception for security bugs in Social Contract clause 3
Next by thread: Re: Proposed GR: State exception for security bugs in Social Contract clause 3
Index(es):
- Date
- Thread