From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 14F93CC3 for ; Sat, 8 Sep 2018 19:49:20 +0000 (UTC) Received: from mail-it0-f48.google.com (mail-it0-f48.google.com [209.85.214.48]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A0CCC8B for ; Sat, 8 Sep 2018 19:49:19 +0000 (UTC) Received: by mail-it0-f48.google.com with SMTP id p79-v6so24807564itp.3 for ; Sat, 08 Sep 2018 12:49:19 -0700 (PDT) MIME-Version: 1.0 References: <20180908082141.15d72684@coco.lan> <20180908113411.GA3111@kroah.com> <1536418829.22308.1.camel@HansenPartnership.com> <20180908153235.GB11120@kroah.com> <1536422066.22308.3.camel@HansenPartnership.com> In-Reply-To: <1536422066.22308.3.camel@HansenPartnership.com> From: Linus Torvalds Date: Sat, 8 Sep 2018 12:49:07 -0700 Message-ID: To: James Bottomley Content-Type: multipart/alternative; boundary="00000000000075aedd0575616b38" Cc: mchehab+samsung@kernel.org, ksummit-discuss@lists.linuxfoundation.org Subject: Re: [Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --00000000000075aedd0575616b38 Content-Type: text/plain; charset="UTF-8" On Sat, Sep 8, 2018, 08:54 James Bottomley < James.Bottomley@hansenpartnership.com> wrote: > > OK, let me make it more specific: there exists no individual > contributing to open source in a leadership capacity for whom a > signable NDA cannot be crafted. > No. I don't sign NDA's. I just don't do it. It's that simple. It's actually worked pretty well. It started because I worked for a direct competitor to Intel, and couldn't sign an NDA for the really old f0 0f lockup issue. Not having an NDA back then turned out to be a good thing, because it made it a non-issue when leaks happened. So I started the policy that I never want to be in the position that I had to worry legally about being in the position of being under an NDA and knowing things outside of the leaks. Instead, I've had a gentleman's agreement with companies - nothing legally binding, but over the years people have come to realize that the leaks don't come from me. So I don't do NDA's. Maybe some Linux Foundation NDA agreement technically covers me, but at least with the Intel cases, Intel is actually aware of my non-NDA situation and is fine with it. Linus > --00000000000075aedd0575616b38 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


= On Sat, Sep 8, 2018, 08:54 James Bottomley <James.Bottomley@hansenpartnership.com> = wrote:

OK, let me make it more specific: there exists no individual
contributing to open source in a leadership capacity for whom a
signable NDA cannot be crafted.

No.=C2=A0

<= div dir=3D"auto">I don't sign NDA's. I just don't do it.
<= div dir=3D"auto">
It's that simple.=C2=A0

It's actually worked p= retty well. It started because I worked for a direct competitor to Intel, a= nd couldn't sign an NDA for the really old f0 0f lockup issue.=C2=A0

Not having an NDA back the= n turned out to be a good thing, because it made it a non-issue when leaks = happened. So I started the policy that I never want to be in the position t= hat I had to worry legally about being in the position of being under an ND= A and knowing things outside of the leaks.

Instead, I've had a gentleman's agreement with c= ompanies - nothing legally binding, but over the years people have come to = realize that the leaks don't come from me.

<= /div>
So I don't do NDA's. Maybe some Linux Founda= tion NDA agreement technically covers me, but at least with the Intel cases= , Intel is actually aware of my non-NDA situation and is fine with it.

=C2=A0 =C2=A0 =C2=A0 Linus
--00000000000075aedd0575616b38--