From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>,
"xen-users@lists.xen.org" <xen-users@lists.xen.org>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [Xen-users] Security disclosure process discussion update
Date: Mon, 7 Jan 2013 14:12:20 -0500 [thread overview]
Message-ID: <20130107191220.GD8615@phenom.dumpdata.com> (raw)
In-Reply-To: <1357577179.7989.133.camel@zakaz.uk.xensource.com>
On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote:
> Dropping -announce.
>
> On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:
>
> > So if we use an mailing list internally..
> > > * Applicants and current members must submit a statement saying that they
> > > have
> > > read, understand, and will abide by this process document.
> >
> > Are the folks on the internal mailing list bound by this as well? Meaning
> > that if a new person would like to join the internal mailing list they
> > need to have read, understood, etc the process document?
>
> I understood this to mean that the Organisation was agreeing to abide by
> it, which implies a duty to ensure that anyone with that organisation
> who is exposed to confidential information keeps it confidential. One
> obvious way to implement that would be the company to internally require
> new people to read and agree to the process document, but Xen.org need
> not be involved in that.
>
> It's not that dissimilar to how NDAs work in general I think.
Except that you don't have to mail out the forms :-)
>
> > I would presume so, but you are not stating it here nor:
> >
> > http://wiki.xen.org/wiki/Security_vulnerability_process_draft
> >
> > So what is driving the 'alias' requirement?
>
> There's no reason for Xen.org to be involved in the internals of each
> organisation's security team. Apart from the management overhead on our
> side it can also lead to situations where there are gaps in the coverage
> as people come and go but because the company cannot (easily) see the
> subscriber list on our end.
next prev parent reply other threads:[~2013-01-07 19:12 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-17 12:58 Security disclosure process discussion update George Dunlap
2013-01-07 16:37 ` Konrad Rzeszutek Wilk
2013-01-07 16:46 ` [Xen-users] " Ian Campbell
2013-01-07 19:12 ` Konrad Rzeszutek Wilk [this message]
2013-01-08 8:56 ` Ian Campbell
2013-01-15 15:41 ` George Dunlap
2013-04-08 11:24 ` George Dunlap
2013-04-15 14:55 ` [Xen-users] " Ian Campbell
2013-04-16 13:05 ` George Dunlap
2013-04-16 14:13 ` Ian Campbell
2013-04-19 19:41 ` Ian Campbell
2013-04-24 11:02 ` George Dunlap
2013-05-01 15:31 ` George Dunlap
2013-05-01 15:37 ` Ian Campbell
2013-05-01 15:38 ` George Dunlap
[not found] ` <CAFLBxZbs2AeO3h=r3jOzM=+nG9p-hpTi4CAuk_qQc-rW0nc7Bg@mail.gmail.com>
2013-04-19 18:56 ` Matt Wilson
2013-04-23 9:37 ` George Dunlap
2013-04-23 9:49 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130107191220.GD8615@phenom.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=xen-devel@lists.xen.org \
--cc=xen-users@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).