[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Xen-users] Security disclosure process discussion update
On Mon, 2013-01-07 at 19:12 +0000, Konrad Rzeszutek Wilk wrote: > On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote: > > Dropping -announce. > > > > On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote: > > > > > So if we use an mailing list internally.. > > > > * Applicants and current members must submit a statement saying that > > > > they > > > > have > > > > read, understand, and will abide by this process document. > > > > > > Are the folks on the internal mailing list bound by this as well? Meaning > > > that if a new person would like to join the internal mailing list they > > > need to have read, understood, etc the process document? > > > > I understood this to mean that the Organisation was agreeing to abide by > > it, which implies a duty to ensure that anyone with that organisation > > who is exposed to confidential information keeps it confidential. One > > obvious way to implement that would be the company to internally require > > new people to read and agree to the process document, but Xen.org need > > not be involved in that. > > > > It's not that dissimilar to how NDAs work in general I think. > > Except that you don't have to mail out the forms :-) Perhaps the wording could be tweaked to make it clearer that the *organisation* is agreeing to the policy and to taking on the responsibility of ensuring that any members/employees of that organisation who come into contact with confidential information will abide by it too. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |