Re: [PATCH 2/4] Documentation/process: describe relaxing disclosing party NDAs
From: Dave Hansen
Date: Wed Sep 11 2019 - 10:11:50 EST
On 9/11/19 3:11 AM, Sasha Levin wrote:
>> +Disclosing parties may have shared information about an issue under a
>> +non-disclosure agreement with third parties. In order to ensure that
>> +these agreements do not interfere with the mitigation development
>> +process, the disclosing party must provide explicit permission to
>> +participate to any response team members affected by a non-disclosure
>> +agreement. Disclosing parties must resolve requests to do so in a
>> +timely manner.
>
> Can giving the permission be made explicitly along with the disclosure?
> If it's disclosed with Microsoft under NDA, it makes it tricky for me to
> participate in the "response team" context here unless premission is
> given to do so.
Hi Sasha,
It is probably possible to do in advance. But, probably only if we list
the folks for which it needs to be done in advance in the process file.
It makes a lot of sense to have the stable maintainers as permanent
members of any response team.
But, I was hoping what I described above would be a bit more flexible
than needing to have a list. The downside is that the response team
needs to explicitly ask every time for folks like you to be included.