
Proposed GR: State exception for security bugs in Social Contract clause 3



=== BEGIN GR TEXT ===

Title: State exception for security bugs in Social Contract clause 3

1. Debian has a longstanding practice of sharing information about
   serious security bugs with only the security team.  This is so that
   they can co-ordinate release of the information with other vendors.

2. The third clause of our Social Contract says that "We will not hide
   problems."  However, the practice of embargoing information about
   serious security bugs could be seen as the hiding of problems.

3. Resolve to append the following to clause 3 of the Social Contract:

    An exception is made for serious security problems.  Information
    about these may be kept confidential for a limited period of time,
    so that a release of information may be co-ordinated with other
    vendors.

=== END GR TEXT ===

-- 
Sean Whitton
