Daniel Veditz wrote:
I don't think you've demonstrated problems with the policy but rather that we have to do a better job implementing it.
I see. I guess we have differing viewpoints. Given that we ask for secrecy, I think that the policy should *ensure* for outsiders/users that we're doing the right thing.
Ben, a policy cannot ensure anything. People can do their best to ensure outcomes, but even then, bad things can happen. Good policy helps people work more effectively to achieve better outcomes, but "ensure" is meaningful only in the sense of "try", not "do", in the real world.
Just like I think that the law should ensure that the police and the secret services do the right thing, not just give them blanket permissions.
Flawed analogy, although who could disagree with that? The analogy you want is "the law should ensure that there is no abuse of power or criminal conduct by the police." But that is clearly nonsensical, equivalent to "the law should ensure that there is no crime."
No law or policy can ensure any particular human action. Draconian penalties for all crime would tend to suppress criminal action, but at too high a cost (Jean Valjean hounded by Javert for years over a loaf of bread). If we all lived in fear of losing our right hand were there to be an unfixed, undisclosed security bug that we knew about in a past milestone release, and no dot release was made by us to fix it, I suspect we would have lots of dot releases. But we would have little else.
I don't know why you keep insisting that policy A can cure problem B when the two are not related, either, but I'll leave that for later.
/be
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
