OK, let me make it more specific: there exists no individual
contributing to open source in a leadership capacity for whom a
signable NDA cannot be crafted.
No.
I don't sign NDA's. I just don't do it.
It's that simple.
It's actually worked pretty well. It started because I worked for a direct competitor to Intel, and couldn't sign an NDA for the really old f0 0f lockup issue.
Not having an NDA back then turned out to be a good thing, because it made it a non-issue when leaks happened. So I started the policy that I never want to be in the position that I had to worry legally about being in the position of being under an NDA and knowing things outside of the leaks.
Instead, I've had a gentleman's agreement with companies - nothing legally binding, but over the years people have come to realize that the leaks don't come from me.
So I don't do NDA's. Maybe some Linux Foundation NDA agreement technically covers me, but at least with the Intel cases, Intel is actually aware of my non-NDA situation and is fine with it.
Linus