-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jan 10, 2017 at 08:49:56AM +0200, Lars Wirzenius wrote: > Now, it's true that we track security issues in a different, and > it's private, which is in contradiction to what the social contract > says:
It's also a service to our users and free software, so not doing it is also in conflict with the SC. Such conflicts are not unusual. AFAIK we solve them by deciding which is more important in this situation and doing that. I do not think the SC needs to contain details on how that decision should be made for every case. As stated, this case seems to be a non-problem and I would prefer to not solve it. Thanks, Bas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJYdIcqAAoJEJzRfVgHwHE6m2MP/jJ19gs3x8XSjgxt/8trhOH3 xd5MDQql5kEfV5UGEv3DZVVh3xj9MiKicRBSsm1c+zPIg7CwBHwSfAP3Ujj+2CkP YA/TRPvYANzopRuv7VzQ8V1vz9dTZ/WWpkQQZHmx/rLe6sY59W9UBWNbTnb8STAz nY/r3ZOr0fadsd3nL34Cx9psA+Iz74tIi9a8TsNkzl2GTDgqvXFk9jyHpHmbKyG6 geUE+3ZVWRzZ2S72fFZWA8ZWVngtlhDLPp0mcxyG9+1dr8KsrQNs+/9Asho36tfP gyjwsb96QSRlv+C93MyaRk/G+OO23Mev4/s4AspuykVt6N/2XZG2SZs20ODoCHd0 odzXV72Dcl50Het3HYd3dCLWs1N/n6Kdc5leFrXZ6757wQjB28bZLuZ1DG6ENfwM CIdgnPu5pn33tXPVt5k9b0TtJrNoc1FFC9pO7q5fr42BMGwJkj3T3uIRAX8twNwV lBb12vNP3vRLUIPtSZpFrw007sWjiD+JVHz8YYT1zHA6mjouMlvLtm7ZapizafCD OBEYIswI9uaqUA5buBbnWnf9kuSFlcJVVIf2O7EHcuRAwuqVU50eeLULSKxXwJRt wHydafcx/4Y9Ef70lasaI6YFqWVUSw2tnT5N5DDNof9QHfceRwSc+kPggo1nWDFL PvW26j7mfRb0qsiBYbpi =dOVD -----END PGP SIGNATURE-----