Re: [Xen-users] [Xen-devel] Security disclosure process discussion update
Dropping -announce.

On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:
> So if we use a mailing list internally..
> > * Applicants and current members must submit a statement saying that they
> > have read, understand, and will abide by this process document.
>
> Are the folks on the internal mailing list bound by this as well? Meaning
> that if a new person would like to join the internal mailing list they
> need to have read, understood, etc the process document?

I understood this to mean that the Organisation was agreeing to abide by it, which implies a duty to ensure that anyone with that organisation who is exposed to confidential information keeps it confidential.

One obvious way to implement that would be for the company to internally require new people to read and agree to the process document, but Xen.org need not be involved in that.

It's not that dissimilar to how NDAs work in general I think.

> I would presume so, but you are not stating it here nor:
>
> http://wiki.xen.org/wiki/Security_vulnerability_process_draft
>
> So what is driving the 'alias' requirement?

There's no reason for Xen.org to be involved in the internals of each organisation's security team. Apart from the management overhead on our side it can also lead to situations where there are gaps in the coverage as people come and go but because the company cannot (easily) see the subscriber list on our end.

Ian.