[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xen-users] Security disclosure process discussion update



On Mon, 2013-01-07 at 19:12 +0000, Konrad Rzeszutek Wilk wrote:
> On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote:
> > Dropping -announce.
> > 
> > On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:
> > 
> > > So if we use an mailing list internally..
> > > > * Applicants and current members must submit a statement saying that 
> > > > they
> > > > have
> > > > read, understand, and will abide by this process document.
> > > 
> > > Are the folks on the internal mailing list bound by this as well? Meaning
> > > that if a new person would like to join the internal mailing list they
> > > need to have read, understood, etc the process document?
> > 
> > I understood this to mean that the Organisation was agreeing to abide by
> > it, which implies a duty to ensure that anyone with that organisation
> > who is exposed to confidential information keeps it confidential. One
> > obvious way to implement that would be the company to internally require
> > new people to read and agree to the process document, but Xen.org need
> > not be involved in that.
> > 
> > It's not that dissimilar to how NDAs work in general I think.
> 
> Except that you don't have to mail out the forms :-)

Perhaps the wording could be tweaked to make it clearer that the
*organisation* is agreeing to the policy and to taking on the
responsibility of ensuring that any members/employees of that
organisation who come into contact with confidential information will
abide by it too.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.