On 14549 March 1977, Sean Whitton wrote:
> No-one who understands how GNU/Linux distributions work thinks that
> there is anything problematic about short-term embargos of information
> about serious security bugs. However, the SC is not just for those
> people: it's also something for newcomers to read.
>
> Imagine a newcomer who finds SC clause 3 very attractive: they
> particularly value transparency about development. Then they learn that
> certain information is held in a separate, non-public bug tracker, and
> their initial enthusiasm for Debian is somewhat dampened. If we pass
> this GR, we can avoid leaving a bad taste in that newcomer's mouth.
> That's good for Debian.

Is there really anyone like this? And dampened by how much, when thinking
about it?

Also, this is IMO nothing for a foundational document. But some docs
around it as explanation on how the real world handles things.

Adding something like this opens a wormhole of "let's add this extra
condition here" "and hey, this little one there too" and gets the
document from a nice simple "that's it" to a murky "it's this, but
sometimes that, and other times this" and ends up with a hell where you
can avoid everything because the definition gets too mushy.

Right now it's plain simple and one has to have a real good reason to go
around it, which is why it's only embargoed security stuff, time limited,
that does.

-- 
bye, Joerg