On Tue, 2018-05-29 at 11:38 -0400, Anton Aylward wrote:
On 29/05/18 01:35 AM, Per Jessen wrote:
As far as I have understood, the list is meant as an interface - you want access to a private bug report, write to the list and ask. The report could be made public or you could be given the info you need.
Or not. (See Kafka) Or you might be refused. (See Kafka again) Or, just as with governments, you might get a reply that has everything even slightly relevant redacted. (But this being SUSE you can expect that, unlike the governmental redaction, you won't be able to peer 'under' the PDF overlay layer to see the original.)
There is no guarantee and there is just to much hand-waving going on. An unstated NDA allows the matter of 'security' to be invoked to justify just about anything, just as it can justify crippling US industry by increasing the cost of essential raw material or shafting the bulk (100 -9.9)% of US consumers by taxing imported cars and components in the name of security.
There's places where security is essential, but security isn't just about 'privacy'. It's also about Integrity and Availability. https://security.blogoverflow.com/2012/08/confidentiality-integrity-availabi...
Actually I agree with Donn Parker that Availability without Utility is meaningless and in this case I'd argue that the issue is not about privacy as much as it is about Possession & Control.
You are correct. It's about possession & control. SUSE is put into possession of information that the customers want to control access to, and therefore SUSE respects contractual agreements as well as standard laws with regard maintaining that control on behalf of those parties. Back to the crux of your arguments, what concrete do to you find bad or a step in the wrong direction (vs keeping things as they are) in the proposal presented by Simon? You do realize that this is a proposal to *open* (with best-effort) what is currently closed, right? Doing nothing means things remain closed as before. -Scott