[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xen-users] Security disclosure process discussion update

On 08/01/13 08:56, Ian Campbell wrote:
On Mon, 2013-01-07 at 19:12 +0000, Konrad Rzeszutek Wilk wrote:
On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote:
Dropping -announce.

On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:

So if we use an mailing list internally..
* Applicants and current members must submit a statement saying that they
read, understand, and will abide by this process document.
Are the folks on the internal mailing list bound by this as well? Meaning
that if a new person would like to join the internal mailing list they
need to have read, understood, etc the process document?
I understood this to mean that the Organisation was agreeing to abide by
it, which implies a duty to ensure that anyone with that organisation
who is exposed to confidential information keeps it confidential. One
obvious way to implement that would be the company to internally require
new people to read and agree to the process document, but Xen.org need
not be involved in that.

It's not that dissimilar to how NDAs work in general I think.
Except that you don't have to mail out the forms :-)
Perhaps the wording could be tweaked to make it clearer that the
*organisation* is agreeing to the policy and to taking on the
responsibility of ensuring that any members/employees of that
organisation who come into contact with confidential information will
abide by it too.

I'll take a look at seeing if I can make the wording clearer regarding this.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.