1 |
Hi all |
2 |
|
3 |
During last trustees meeting we discussed a small change on the Gentoo |
4 |
Social Contract [1]. The change was requested through bug 536668 [2] which, |
5 |
correctly, formulates that the current contract could be read as if even |
6 |
DevRel/ComRel related bugs (which might contain personally identifiable |
7 |
information or private communications) would have a deadline before they are |
8 |
disclosed publically. |
9 |
|
10 |
[1] https://www.gentoo.org/main/en/contract.xml |
11 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=536668 |
12 |
|
13 |
During the trustee meeting, it was recommended to first get a |
14 |
community-supported suggestion before making the change, and to discuss it |
15 |
on gentoo-project@g.o. Hence this e-mail. |
16 |
|
17 |
The paragraph currently reads: |
18 |
|
19 |
""" |
20 |
Exceptions are made when we receive security-related or developer relations |
21 |
information with the request not to publicize before a certain deadline. |
22 |
""" |
23 |
|
24 |
In light of the suggestions already made on the bug, my suggestion would be |
25 |
to go with the following: |
26 |
|
27 |
""" |
28 |
Exceptions are made for |
29 |
- security-related information, when there are valid reasons (such as a |
30 |
responsible disclosure process) not to publicize the content of the bug |
31 |
before a certain deadline |
32 |
- community relations related information, for instance where content disclosure |
33 |
could be harmful to a person or project, such as bugs containing |
34 |
offensive content, or personally identifiable / private information |
35 |
|
36 |
Other exceptions can be made on a case-by-case basis after approval by the |
37 |
Board of Trustees of the Gentoo Foundation. |
38 |
""" |
39 |
|
40 |
Please shed your light on this. All feedback is greatly welcomed. |
41 |
|
42 |
Wkr, |
43 |
Sven Vermeulen |