[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] [Xen-devel] Security disclosure process discussion update
On 08/01/13 08:56, Ian Campbell wrote: On Mon, 2013-01-07 at 19:12 +0000, Konrad Rzeszutek Wilk wrote:On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote:Dropping -announce. On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:So if we use an mailing list internally..* Applicants and current members must submit a statement saying that they have read, understand, and will abide by this process document.Are the folks on the internal mailing list bound by this as well? Meaning that if a new person would like to join the internal mailing list they need to have read, understood, etc the process document?I understood this to mean that the Organisation was agreeing to abide by it, which implies a duty to ensure that anyone with that organisation who is exposed to confidential information keeps it confidential. One obvious way to implement that would be the company to internally require new people to read and agree to the process document, but Xen.org need not be involved in that. It's not that dissimilar to how NDAs work in general I think.Except that you don't have to mail out the forms :-)Perhaps the wording could be tweaked to make it clearer that the *organisation* is agreeing to the policy and to taking on the responsibility of ensuring that any members/employees of that organisation who come into contact with confidential information will abide by it too. I'll take a look at seeing if I can make the wording clearer regarding this. -George _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |