Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261776AbVAMXVw (ORCPT ); Thu, 13 Jan 2005 18:21:52 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261775AbVAMXT6 (ORCPT ); Thu, 13 Jan 2005 18:19:58 -0500 Received: from fw.osdl.org ([65.172.181.6]:46003 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S261739AbVAMWMa (ORCPT ); Thu, 13 Jan 2005 17:12:30 -0500 Date: Thu, 13 Jan 2005 14:12:29 -0800 From: Chris Wright To: Florian Weimer Cc: Chris Wright , linux-kernel@vger.kernel.org Subject: Re: security contact draft Message-ID: <20050113141229.G24171@build.pdx.osdl.net> References: <20050113125503.C469@build.pdx.osdl.net> <87mzvd9f9a.fsf@deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87mzvd9f9a.fsf@deneb.enyo.de>; from fw@deneb.enyo.de on Thu, Jan 13, 2005 at 10:43:29PM +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 961 Lines: 28 * Florian Weimer (fw@deneb.enyo.de) wrote: > * Chris Wright: > > > To keep the conversation concrete, here's a pretty rough stab at > > documenting the policy. > > Looks fine. Maybe you can add the following section? > > 3) Non-disclosure agreements > > The Linux kernel security contact is not a formal body and therefore > unable to enter any non-disclosure agreements. > > UNIRAS and probably others require NDAs from affected software vendors > before they share vulnerability information. It makes things easier > if you state upfront that you won't play such games. Fair point, I can add that easily. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/