Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261484AbVAMV4H (ORCPT ); Thu, 13 Jan 2005 16:56:07 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261748AbVAMVt5 (ORCPT ); Thu, 13 Jan 2005 16:49:57 -0500 Received: from mail.enyo.de ([212.9.189.167]:25760 "EHLO mail.enyo.de") by vger.kernel.org with ESMTP id S261731AbVAMVni (ORCPT ); Thu, 13 Jan 2005 16:43:38 -0500 From: Florian Weimer To: Chris Wright Cc: linux-kernel@vger.kernel.org Subject: Re: security contact draft References: <20050113125503.C469@build.pdx.osdl.net> Date: Thu, 13 Jan 2005 22:43:29 +0100 In-Reply-To: <20050113125503.C469@build.pdx.osdl.net> (Chris Wright's message of "Thu, 13 Jan 2005 12:55:03 -0800") Message-ID: <87mzvd9f9a.fsf@deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 756 Lines: 20 * Chris Wright: > To keep the conversation concrete, here's a pretty rough stab at > documenting the policy. Looks fine. Maybe you can add the following section? 3) Non-disclosure agreements The Linux kernel security contact is not a formal body and therefore unable to enter any non-disclosure agreements. UNIRAS and probably others require NDAs from affected software vendors before they share vulnerability information. It makes things easier if you state upfront that you won't play such games. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/