Fedora and External Product Vulnerabilities (Bugzilla #185499, RHSA-2006-0268 (Macromedia Flash))

[Axel Thimm]

On Sat, Apr 01, 2006 at 01:06:14PM -0600, David Eisenstein wrote:
> Perhaps this needs more discussion, however.  As participating members of
> the Fedora Project team, are there things we should not say on the mailing
> list(s)?  I keep reading things about the wiki, for example, that say we
> mustn't talk (at least on Fedora's official web-pages) about things that
> aren't "pure" open-source or that violate some standard of open-
> sourciness; nor should we use the wiki resource to point to outside
> resources that may have (Linux) software that is proprietary or use
> features that in some of many jurisdictions might violate patents or other
> intellectual property laws.

It depends. If you post/write something like "use <the possibly
patent-flawed software XYZ>" or "use <closed source, propriatary
software ABC>" you and maybe any official position you are dressing
are encouraging the possible patent violation or use of propriatary
software. But if you make a statement that this software has security
flaws you are not endorsing directly or indirectly any usage of this
software.

As to how far this is on or off-topic for this list and that webspace:
If it really adds value to the target audience then it's always
on-topic. And people subscribing to a fedora-security list shouldn't
mind the one or other post about security flaws on not directly fedora
content. We're not Debian, are we? ;)

Of course everything has a line somehwere. Posting about Microsoft
Office vulnerabilities because you could run Office under wine on
fedora would not only be off-topic, but perhaps an insult to the
community ;)
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/security/attachments/20060402/df3098ca/attachment.bin