Re: security contact draft

From: Florian Weimer
Date: Thu Jan 13 2005 - 17:00:16 EST


* Chris Wright:

> To keep the conversation concrete, here's a pretty rough stab at
> documenting the policy.

Looks fine. Maybe you can add the following section?

3) Non-disclosure agreements

The Linux kernel security contact is not a formal body and therefore
unable to enter any non-disclosure agreements.

UNIRAS and probably others require NDAs from affected software vendors
before they share vulnerability information. It makes things easier
if you state upfront that you won't play such games.