[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

Thank you to Russ and Ben for the encouragement!

On Sat, Jan 14, 2017 at 08:48:40AM +0000, Ian Campbell wrote:
> You should read up on Coordinated (or Responsible) Disclosure vs. Full
> Disclosure (not an uncontroversial topic in itself), the choice of
> which one is used for a given bug is usually the choice of the
> person/organisation who _discovers_ the issue.
> [...]

On Sat, Jan 14, 2017 at 11:47:17AM +0100, Emilio Pozuelo Monfort wrote:
> Maybe there should be a note about how we handle embargoed vulnerabilities here:
> https://www.debian.org/security/faq

Thanks for reminding me about that existing FAQs page.  I think that
Ian's e-mail, suitably edited, would be a great addition if both Ian and
the security team agreed.  It could then be linked to from my new
SocialContractFAQ page on the wiki.

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply to: