Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
Re: [opensuse-factory] Opening private bugs
On Tue, 2018-05-29 at 11:38 -0400, Anton Aylward wrote:
On 29/05/18 01:35 AM, Per Jessen wrote:
As far as I have understood, the list is meant as an interface - you
want access to a private bug report, write to the list and ask. The
report could be made public or you could be given the info you
need.


Or not. (See Kafka)
Or you might be refused. (See Kafka again)
Or, just as with governments, you might get a reply that has everything even
slightly relevant redacted.
(But this being SUSE you can expect that, unlike the governmental redaction,
you
won't be able to peer 'under' the PDF overlay layer to see the original.)

There is no guarantee and there is just to much hand-waving going on. An
unstated NDA allows the matter of 'security' to be invoked to justify just
about
anything, just as it can justify crippling US industry by increasing the cost
of
essential raw material or shafting the bulk (100 -9.9)% of US consumers by
taxing imported cars and components in the name of security.

There's places where security is essential, but security isn't just about
'privacy'. It's also about Integrity and Availability.
https://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/

Actually I agree with Donn Parker that Availability without Utility is
meaningless and in this case I'd argue that the issue is not about privacy as
much as it is about Possession & Control.

You are correct. It's about possession & control. SUSE is put into
possession of information that the customers want to control access to,
and therefore SUSE respects contractual agreements as well as standard
laws with regard maintaining that control on behalf of those parties.

Back to the crux of your arguments, what concrete do to you find bad or
a step in the wrong direction (vs keeping things as they are) in the
proposal presented by Simon?

You do realize that this is a proposal to *open* (with best-effort) what
is currently closed, right? Doing nothing means things remain closed as
before.

-Scott
< Previous Next >