From mboxrd@z Thu Jan  1 00:00:00 1970
From: George Dunlap <george.dunlap@eu.citrix.com>
Subject: Re: [Xen-users] Security disclosure process discussion
 update
Date: Tue, 15 Jan 2013 15:41:54 +0000
Message-ID: <50F578C2.40609@eu.citrix.com>
References: <CAFLBxZZuv=Q_T3F=e88DnJNhZqUutm-fDZ=FCS_-bdXV-eeWSg@mail.gmail.com>
	<20130107163701.GA6682@phenom.dumpdata.com>
	<1357577179.7989.133.camel@zakaz.uk.xensource.com>
	<20130107191220.GD8615@phenom.dumpdata.com>
	<1357635393.12649.88.camel@dagon.hellion.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1357635393.12649.88.camel@dagon.hellion.org.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-users@lists.xen.org" <xen-users@lists.xen.org>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
List-Id: xen-devel@lists.xenproject.org

On 08/01/13 08:56, Ian Campbell wrote:
> On Mon, 2013-01-07 at 19:12 +0000, Konrad Rzeszutek Wilk wrote:
>> On Mon, Jan 07, 2013 at 04:46:19PM +0000, Ian Campbell wrote:
>>> Dropping -announce.
>>>
>>> On Mon, 2013-01-07 at 16:37 +0000, Konrad Rzeszutek Wilk wrote:
>>>
>>>> So if we use an mailing list internally..
>>>>> * Applicants and current members must submit a statement saying that they
>>>>> have
>>>>> read, understand, and will abide by this process document.
>>>> Are the folks on the internal mailing list bound by this as well? Meaning
>>>> that if a new person would like to join the internal mailing list they
>>>> need to have read, understood, etc the process document?
>>> I understood this to mean that the Organisation was agreeing to abide by
>>> it, which implies a duty to ensure that anyone with that organisation
>>> who is exposed to confidential information keeps it confidential. One
>>> obvious way to implement that would be the company to internally require
>>> new people to read and agree to the process document, but Xen.org need
>>> not be involved in that.
>>>
>>> It's not that dissimilar to how NDAs work in general I think.
>> Except that you don't have to mail out the forms :-)
> Perhaps the wording could be tweaked to make it clearer that the
> *organisation* is agreeing to the policy and to taking on the
> responsibility of ensuring that any members/employees of that
> organisation who come into contact with confidential information will
> abide by it too.

I'll take a look at seeing if I can make the wording clearer regarding this.

  -George