| 1 |
Hi all |
| 2 |
|
| 3 |
During last trustees meeting we discussed a small change on the Gentoo |
| 4 |
Social Contract [1]. The change was requested through bug 536668 [2] which, |
| 5 |
correctly, formulates that the current contract could be read as if even |
| 6 |
DevRel/ComRel related bugs (which might contain personally identifiable |
| 7 |
information or private communications) would have a deadline before they are |
| 8 |
disclosed publically. |
| 9 |
|
| 10 |
[1] https://www.gentoo.org/main/en/contract.xml |
| 11 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=536668 |
| 12 |
|
| 13 |
During the trustee meeting, it was recommended to first get a |
| 14 |
community-supported suggestion before making the change, and to discuss it |
| 15 |
on gentoo-project@g.o. Hence this e-mail. |
| 16 |
|
| 17 |
The paragraph currently reads: |
| 18 |
|
| 19 |
""" |
| 20 |
Exceptions are made when we receive security-related or developer relations |
| 21 |
information with the request not to publicize before a certain deadline. |
| 22 |
""" |
| 23 |
|
| 24 |
In light of the suggestions already made on the bug, my suggestion would be |
| 25 |
to go with the following: |
| 26 |
|
| 27 |
""" |
| 28 |
Exceptions are made for |
| 29 |
- security-related information, when there are valid reasons (such as a |
| 30 |
responsible disclosure process) not to publicize the content of the bug |
| 31 |
before a certain deadline |
| 32 |
- community relations related information, for instance where content disclosure |
| 33 |
could be harmful to a person or project, such as bugs containing |
| 34 |
offensive content, or personally identifiable / private information |
| 35 |
|
| 36 |
Other exceptions can be made on a case-by-case basis after approval by the |
| 37 |
Board of Trustees of the Gentoo Foundation. |
| 38 |
""" |
| 39 |
|
| 40 |
Please shed your light on this. All feedback is greatly welcomed. |
| 41 |
|
| 42 |
Wkr, |
| 43 |
Sven Vermeulen |
Archives