[Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues

James Bottomley James.Bottomley at HansenPartnership.com
Sat Sep 8 15:54:26 UTC 2018


On Sat, 2018-09-08 at 17:32 +0200, Greg KH wrote:
> On Sat, Sep 08, 2018 at 08:00:29AM -0700, James Bottomley wrote:
> > On Sat, 2018-09-08 at 13:34 +0200, Greg KH wrote:
> > > On Sat, Sep 08, 2018 at 08:21:41AM -0300, Mauro Carvalho Chehab
> > > wrote:
> > > > IMHO, the best would be to have a formal/legal way to handle
> > > > it.
> > > 
> > > No, sorry, some of us are not allowed legally to sign NDAs for
> > > stuff like this.
> > 
> > As a blanket statement this simply isn't true.
> 
> Um, I said "some of us".  Some of us can, some of us can not.  That's
> a blanket statement that has to be true :)

OK, let me make it more specific: there exists no individual
contributing to open source in a leadership capacity for whom a
signable NDA cannot be crafted.

The reason is fairly simple: leadership positions come with duties of
care which include duties of confidentiality (think adjudication of
anti-harassment policy or code of conflict) and an NDA could be crafted
directly along the lines of the duty of confidentiality.  Now it's not
that an employment or other agreement couldn't forbid this, but if it
did the leader in question would be in a false position already because
their agreement effectively forbids them from taking a leadership
position in open source in the first place.

James



