-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2017-01-10 07:49, Lars Wirzenius wrote: > I'm not opposed to amending the SC to say that security issues my > be kept private for a limited time, but I'm not sure it's worth > it.
This. Hear hear. > I especially would like to avoid anything that results in > nitpicking details, either during a GR or in the future, about what > is a security issue, what is a serious issue, and what is a limited > time, and what punishments we should have for exceeding a time > limit. And I do not think it's possible to remove every little corner of these things. SC3 says that the issues should be public promptly and I think that "promptly" can be different time periods from case to case. I rather not change the SC now if that means that we avoid changing other things in it in the future. It should not be seen as a document that needs updates first and foremost. Some kind of background to why Sean proposed the GR from the beginning would be nice btw, haven't worked out that yet. - -- brother http://sis.bthstudent.se -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEVlIsX3Eri6ICyZwJOIRDexPY/4sFAlh13NEACgkQOIRDexPY /4uJ7g/+Knj+ZBM6Bs/OwmsVK7N/P1QM3V+XZdFzRLv6SZgSLK5l4qidzFWteoRi H3GZUidBRhLHX42fVT9dkH89cKPVapFjkwf9+2f6AWsbxSxvc5fLSvEV/8s4uZmn TX3V+M7sKRu8hesXQJsiNVdn3Nas7aR/hBm3E2w58C2sCRjbmUxncZs07Qr3dyKM jW5Vvy97R1VFnk9TQhEe5NJsGCBAz/SrRnu/wFMUkTT07qcdQTEJcjyCzG60q48z 1248plTXcAeR3ggdTe1dHtYiIPZSKTN2AMZlHB8Q/c3LBwqBcHvhUhmhukSWPq1S z6vkLGEMp9eK3UzXq9JP42iZ1PXEzEcaOXK/IKN/XfvUxUASAmVkwrsywS+m8lGr weg2mfHoZDZHDhikGGC8N/WrvL+y8gdVixaj3zXq7sDZ4smDBS81+qcsqkJyVGyd VwrYzuoJ0UGbJTLDPXR5j1QXmoRn/xWfHdofvIrVDixL4C1I5ZRBuKQPXrFOXhKT 4m1w7b7N5FWWCCQXc9tlDHjARftu4uBCsse2lvGdJCFUS2K5LwRBzkpwadAb1h+N opcM5KkdbiClSyRWvQPxl5Elmgvy/AUqcto/P5z2+9Ry8bYgVQrIWqHJ3PdeDPY6 jGyYbdJ0V80A9jcYz1DQNJrqIOKIndZQTf9NyKNepO+a+wk4KXE= =2QoV -----END PGP SIGNATURE-----