Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Bas Wijnen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Jan 10, 2017 at 08:49:56AM +0200, Lars Wirzenius wrote: > Now, it's true that we track security issues in a different, and > it's private, which is in contradiction to what the social contract > says: It's also a service to our users and free

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Lars Wirzenius
On Tue, Jan 10, 2017 at 07:30:23AM +0100, Moritz Mühlenhoff wrote: > Scott Kitterman wrote: > > Has anyone ever seriously questioned the appropriateness of the > > Security Team's practices based on the Social Contract? > > Not in the last 11 years since I'm around. If that

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Moritz Mühlenhoff
Scott Kitterman wrote: > Has anyone ever > seriously questioned the appropriateness of the Security Team's practices > based on the Social Contract? Not in the last 11 years since I'm around. If that came up before, Martin or Wichert should know. > I don't think we

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Scott Kitterman
On Monday, January 09, 2017 09:00:58 PM Russ Allbery wrote: > Scott Kitterman writes: > > On Monday, January 09, 2017 07:08:19 PM Sean Whitton wrote: > >> === BEGIN GR TEXT === > >> > >> Title: State exception for security bugs in Social Contract clause 3 > >> > >> 1.

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Russ Allbery
Scott Kitterman writes: > On Monday, January 09, 2017 07:08:19 PM Sean Whitton wrote: >> === BEGIN GR TEXT === >> >> Title: State exception for security bugs in Social Contract clause 3 >> >> 1. Debian has a longstanding practice of sharing information about >>serious

Re: Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Scott Kitterman
On Monday, January 09, 2017 07:08:19 PM Sean Whitton wrote: > === BEGIN GR TEXT === > > Title: State exception for security bugs in Social Contract clause 3 > > 1. Debian has a longstanding practice of sharing information about >serious security bugs with only the security team. This is so

Proposed GR: State exception for security bugs in Social Contract clause 3

2017-01-09 Thread Sean Whitton
=== BEGIN GR TEXT === Title: State exception for security bugs in Social Contract clause 3 1. Debian has a longstanding practice of sharing information about serious security bugs with only the security team. This is so that they can co-ordinate release of the information with other