Knowing the True History of Debian, Owing to Irish Debian Developer Daniel Pocock (Currently Running to Become Member of the European Parliament)
Irish-Australian and scapegoat of a highly dysfunctional 'Debian family' which hurts people
This recent article from Daniel Pocock's blog said that some time soon he will expose security blunders in Debian - blunders that Debian tried to hide from the public. "Some of the security blogs have been timed to coincide with the European Parliament elections," he said, as he's basically running to become Member of the European Parliament.
To be very clear, what Pocock does there is perfectly lawful. Debian already voted to unveil secret communications for transparency's sake; it just never got around to actually doing this, so Pocock is selectively showing communications of interest (to the general public, including Debian users).
When it comes to our own communications, we strive to be as transparent as possible without burning sources. There are several ways to achieve this other than redacting sensibly or delaying publication.
It'll be interesting to see what Pocock has to show. Those communications aren't some classified or top-secret material; they were kept internal for a while in order to save face or avoid embarrassment (maybe even to avoid helping actors see the holes, rushing to write exploits or proof of concept code that can in turn be used by malicious actors).
Months ago we wrote about how Debian backported bad code that basically broke a kernel we were using, threatening to accidentally delete data (serious data loss). Many of us use Debian, so we wish to know what Debian developers do behind the scenes (including the blackmail of Debian Developers). It's not about humiliating people; it is about understanding facts and learning the true history of the project, not some sanitised (censored) version of it. █