Security Policy

Neil Stevens kde-policies@mail.kde.org
Sun, 9 Mar 2003 18:27:53 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE at this time appears to lack any published policy on the hiding or
warning of problems in KDE.  I mentioned this once before on
kde-core-devel, but now we have a list for these matters, so I bring it up
again.

I would suggest that KDE developers describe for users precisely what will
be done with information related to KDE bugs, and when and if users will
be warned of risks to their systems.

Just to get things started, I make this description of what my policy is:
I will not, under any circumstances, withhold from users any information
related to a threat, real or potential, to their privacy, security, or
system reliability.  This goes not just for any problems with software I
maintain, but for any other software problems I become aware of.

I believe that unless developers share with users any risks to them, users
cannot trust the developers with any information they wish kept private,
nor with access to a public network.  The appearance of having something
to hide gives users an unnecessary risk.  Some KDE developers may
personally know each other, but KDE users more often will not.

- --
Neil Stevens - neil@qualityassistant.com
"Among the many misdeeds of the British rule in India, history will
look upon the act depriving a whole nation of arms as the blackest."
 -- Gandhi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+a/gpf7mnligQOmERAppkAJ9NGYC/qhNvvUYeQjh1nWrLqAPiuACfbObN
5ZaJEpOAG4EY0Vd0BVmz9tc=
=sDwd
-----END PGP SIGNATURE-----