=== BEGIN GR TEXT === Title: State exception for security bugs in Social Contract clause 3 1. Debian has a longstanding practice of sharing information about serious security bugs with only the security team. This is so that they can co-ordinate release of the information with other vendors. 2. The third clause of our Social Contract says that "We will not hide problems." However, the practice of embargoing information about serious security bugs could be seen as the hiding of problems. 3. Resolve to append the following to clause 3 of the Social Contract: An exception is made for serious security problems. Information about these may be kept confidential for a limited period of time, so that a release of information may be co-ordinated with other vendors. === END GR TEXT === -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature