[Secure-testing-team] discussing things in NOTE's

Thijs Kinkhorst thijs at debian.org
Wed May 20 16:43:15 UTC 2009


Let's just split this discussion, and continue with the discussion-in-NOTE 
issue here.

> i think NOTEs are a somewhat reasonable place to discuss conflicts of
> opinion because it is centralized, connected to the issue at hand, and
> the people that triage security issues will come across the
> discussion/philosophy, have to think about it, and make a decision.
> and finally, it's easy enough to change the text once that decision
> is made.  
>
> however, if the consensus is that this is bad, then i will stop.

> ultimately, perhaps the core problem here is that the security tracker
> provides no means to allow dissenting/conflicting opinion.

I don't think this is a problem. The security tracker is indeed not the place 
to have discussions, or to register dissenting opinions. It's intended to 
document the outcome of the discussions (if any): what is the current state 
and what action needs to be taken?

Taking the 'no-dsa' issue: either there's going to be a DSA, or there's not 
going to be a DSA. That fact can be debated just fine on our mailing lists or 
in a relevant bug. Those means provide much better overviews and space for 
who thinks what, to respond to arguments etc. In the end there has to be a 
conclusion, we do either this or that. That conclusion/decision will be 
documented in the tracker.

> note that 
> dissenting opinions in US Supreme Court decisions are just as important

I cannot envision any security issue that would be comparable to a supreme 
court case, nor can I even begin to think that we are operating even remotely 
like a "supreme court".


Thijs