From: Sasha Levin <sashal@kernel.org>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, corbet@lwn.net,
gregkh@linuxfoundation.org, ben@decadent.org.uk,
tglx@linutronix.de, labbott@redhat.com,
andrew.cooper3@citrix.com, tsoni@codeaurora.org,
keescook@chromium.org, tony.luck@intel.com,
linux-doc@vger.kernel.org, dan.j.williams@intel.com
Subject: Re: [PATCH 2/4] Documentation/process: describe relaxing disclosing party NDAs
Date: Wed, 11 Sep 2019 06:11:55 -0400 [thread overview]
Message-ID: <20190911101155.GN2012@sasha-vm> (raw)
In-Reply-To: <20190910172649.74639177@viggo.jf.intel.com>
On Tue, Sep 10, 2019 at 10:26:49AM -0700, Dave Hansen wrote:
>
>From: Dave Hansen <dave.hansen@linux.intel.com>
>
>Hardware companies like Intel have lots of information which they
>want to disclose to some folks but not others. Non-disclosure
>agreements are a tool of choice for helping to ensure that the
>flow of information is controlled.
>
>But, they have caused problems in mitigation development. It
>can be hard for individual developers employed by companies to
>figure out how they can participate, especially if their
>employer is under an NDA.
>
>To make this easier for developers, make it clear to disclosing
>parties that they are expected to give permission for individuals
>to participate in mitigation efforts.
>
>Cc: Jonathan Corbet <corbet@lwn.net>
>Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>Cc: Sasha Levin <sashal@kernel.org>
>Cc: Ben Hutchings <ben@decadent.org.uk>
>Cc: Thomas Gleixner <tglx@linutronix.de>
>Cc: Laura Abbott <labbott@redhat.com>
>Cc: Andrew Cooper <andrew.cooper3@citrix.com>
>Cc: Trilok Soni <tsoni@codeaurora.org>
>Cc: Kees Cook <keescook@chromium.org>
>Cc: Tony Luck <tony.luck@intel.com>
>Cc: linux-doc@vger.kernel.org
>Cc: linux-kernel@vger.kernel.org
>Acked-by: Dan Williams <dan.j.williams@intel.com>
>Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
>---
>
> b/Documentation/process/embargoed-hardware-issues.rst | 7 +++++++
> 1 file changed, 7 insertions(+)
>
>diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-0 Documentation/process/embargoed-hardware-issues.rst
>--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-0 2019-09-10 08:39:02.835488131 -0700
>+++ b/Documentation/process/embargoed-hardware-issues.rst 2019-09-10 08:39:02.838488131 -0700
>@@ -74,6 +74,13 @@ unable to enter into any non-disclosure
> is aware of the sensitive nature of such issues and offers a Memorandum of
> Understanding instead.
>
>+Disclosing parties may have shared information about an issue under a
>+non-disclosure agreement with third parties. In order to ensure that
>+these agreements do not interfere with the mitigation development
>+process, the disclosing party must provide explicit permission to
>+participate to any response team members affected by a non-disclosure
>+agreement. Disclosing parties must resolve requests to do so in a
>+timely manner.
Can giving the permission be made explicitly along with the disclosure?
If it's disclosed with Microsoft under NDA, it makes it tricky for me to
participate in the "response team" context here unless premission is
given to do so.
--
Thanks,
Sasha
next prev parent reply other threads:[~2019-09-11 11:00 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-10 17:26 [PATCH 0/4] Documentation/process: embargoed hardware issues additions Dave Hansen
2019-09-10 17:26 ` [PATCH 1/4] Documentation/process: Volunteer as the ambassador for Intel Dave Hansen
2019-09-10 17:26 ` [PATCH 2/4] Documentation/process: describe relaxing disclosing party NDAs Dave Hansen
2019-09-11 10:11 ` Sasha Levin [this message]
2019-09-11 14:11 ` Dave Hansen
2019-09-11 15:44 ` Greg KH
2019-09-11 16:09 ` Dave Hansen
2019-09-25 8:29 ` [PATCH] Documentation/process: Clarify disclosure rules Thomas Gleixner
2019-09-25 15:53 ` Dave Hansen
2019-09-29 10:42 ` [PATCH 2/4] Documentation/process: describe relaxing disclosing party NDAs Greg KH
2019-09-10 17:26 ` [PATCH 3/4] Documentation/process: soften language around conference talk dates Dave Hansen
2019-09-11 15:49 ` Greg KH
2019-09-10 17:26 ` [PATCH 4/4] Documentation/process: add transparency promise to list subscription Dave Hansen
2019-09-11 15:51 ` Greg KH
2019-09-16 8:30 ` Thomas Gleixner
2019-09-11 11:54 ` [PATCH 0/4] Documentation/process: embargoed hardware issues additions Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190911101155.GN2012@sasha-vm \
--to=sashal@kernel.org \
--cc=andrew.cooper3@citrix.com \
--cc=ben@decadent.org.uk \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=labbott@redhat.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=tsoni@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.