From: Andy Lutomirski <luto@amacapital.net>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>,
mchehab+samsung@kernel.org,
ksummit <ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues
Date: Sun, 9 Sep 2018 12:19:00 -0700 [thread overview]
Message-ID: <57183BEA-214F-46BD-9FA8-D58162D081BC@amacapital.net> (raw)
In-Reply-To: <20180909185651.GF22251@thunk.org>
> On Sep 9, 2018, at 11:56 AM, Theodore Y. Ts'o <tytso@mit.edu> wrote:
>
>> On Sun, Sep 09, 2018 at 11:17:20AM -0700, Andy Lutomirski wrote:
>>
>> What I want is the opposite of an NDA. I want a gentlemen’s
>> agreement plus an explicit statement that the relevant people *may*
>> talk about the issue among themselves despite any NDAs that might
>> already exist. And that they may release patches when the embargo is
>> up. And that the embargo has an end date, and that the developers
>> may decline an extension.
>
> So what you're talking about is some kind of "Memo of Understanding"
> that has no talk about "if this leaks it will Intel will suffer
> millons and billons and zillons of dollars and Intel well sue you
> until your assets are a smoking crater in the ground"?
Yes
>
> If there are no consequences to violating the Gentleman's agreement
> (other than not being included the next time *when* another CPU
> vulnerability comes up), then nothing really needs to be signed, since
> it has no legal impact.
Here I disagree. The consequence to *Intel* for signing needs to be clear. If I’m included, and Intel thinks I leaked it or their attorneys get overzealous and complain that I talked to someone at SUSE or whatever or that I *gasp* published a patch on the day the embargo ended and they sue *me* for zillions under my preexisting, then I want to point to this agreement and say “no, and by suing me you are in breach of this contract”.
>
> I'd certainly support such a thing, but in my view it's really no
> different from Linus's #2:
>
> 2. Force industry to adopt new norms that actually work well with open
> source.
> If the MOU with no teeth is enough to save the lawyer's face, that
> would be great.
>
That too.
next prev parent reply other threads:[~2018-09-09 19:19 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 19:18 Jiri Kosina
2018-09-06 20:56 ` Linus Torvalds
2018-09-06 21:14 ` Jiri Kosina
2018-09-06 22:51 ` Eduardo Valentin
2018-09-07 9:17 ` Jani Nikula
2018-09-07 14:43 ` David Woodhouse
2018-09-06 22:55 ` Eduardo Valentin
2018-09-07 8:21 ` Geert Uytterhoeven
2018-09-10 23:26 ` Eduardo Valentin
2018-09-11 8:45 ` Greg KH
2018-09-11 17:10 ` Dave Hansen
2018-09-11 18:28 ` Greg KH
2018-09-11 18:44 ` Thomas Gleixner
2018-09-07 13:30 ` Jiri Kosina
2018-09-09 12:55 ` Greg KH
2018-09-09 19:48 ` Jiri Kosina
2018-09-10 4:04 ` Eduardo Valentin
2018-09-12 7:03 ` Greg KH
2018-09-10 4:12 ` Eduardo Valentin
2018-09-10 11:10 ` Mark Brown
2018-09-12 4:22 ` Balbir Singh
2018-09-08 4:21 ` Andy Lutomirski
2018-09-08 8:56 ` Thomas Gleixner
2018-09-08 11:21 ` Mauro Carvalho Chehab
2018-09-08 11:34 ` Greg KH
2018-09-08 14:20 ` Andy Lutomirski
2018-09-08 15:29 ` Greg KH
2018-09-08 15:00 ` James Bottomley
2018-09-08 15:32 ` Greg KH
2018-09-08 15:54 ` James Bottomley
2018-09-08 19:49 ` Linus Torvalds
2018-09-08 21:24 ` James Bottomley
2018-09-08 22:33 ` Andy Lutomirski
2018-09-09 12:18 ` Mauro Carvalho Chehab
2018-09-10 22:59 ` Dave Hansen
2018-09-11 8:48 ` Greg KH
2018-09-09 12:51 ` Greg KH
2018-09-09 14:20 ` Linus Torvalds
2018-09-09 14:38 ` James Bottomley
2018-09-09 14:51 ` Andy Lutomirski
2018-09-09 17:20 ` Theodore Y. Ts'o
2018-09-09 17:48 ` David Woodhouse
2018-09-09 18:17 ` Andy Lutomirski
2018-09-09 18:56 ` Theodore Y. Ts'o
2018-09-09 19:19 ` Andy Lutomirski [this message]
2018-09-09 20:20 ` Jiri Kosina
2018-09-09 21:36 ` James Bottomley
2018-09-10 9:25 ` Thomas Gleixner
2018-09-10 14:40 ` James Bottomley
2018-09-11 8:20 ` Jiri Kosina
2018-09-11 9:03 ` Thomas Gleixner
2018-09-09 19:41 ` Jiri Kosina
2018-09-08 19:26 ` Jiri Kosina
2018-09-08 19:47 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57183BEA-214F-46BD-9FA8-D58162D081BC@amacapital.net \
--to=luto@amacapital.net \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=mchehab+samsung@kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox