2010/11/2 Jeremiah Foster <[email protected]>: > I don't think anyone has a problem with a MeeGo Bugzilla security embargo as > long as that embargo is clearly explained, and reaches a consensus in the > community. My understanding was that the policy that was in place in MeeGo's > bug tracker met neither of those conditions. >
Minor detail, consensus implies democracy (at least in my interpretation), while there's people responsible and a hierarchy in MeeGo - so there's someone making the last call on these issues.. Doesn't mean the discussion shouldn't happen publically, but someone has the last word and makes the final decision. The additional problem to consider is let's say, if someone posts copyrighted material to a bugtracker or any other community service. Technically a take-down notice can be sent as we're now in the project hosting copyrighted material we don't have a license to publish. Naturally we'd have to remove that material. What I personally think should be done is simply by having a public written policy how to deal with matters like: * Security sensitive bug reports * Developers/testers/whatever contributing copyrighted information that he has no right to, either as patches, bug report information, etc. We obviously can't let the project be subject to legal action so we'll need to take our precautions when matters rise.. It doesn't change the fact that a situation like this is a PITA and since we're a young project, procedures aren't written and we're learning to deal with things. These discussions hopefully lead to a better situation. BR Carsten Munk _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
