From: Andy Lutomirski <luto@kernel.org>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [MAINTAINERS SUMMIT] Handling of embargoed security issues
Date: Sat, 8 Sep 2018 15:33:22 -0700 [thread overview]
Message-ID: <CALCETrXwqgX41dmZhG55wGoZvmsn8qUdYMHG5_ne2hH7Oa65=A@mail.gmail.com> (raw)
In-Reply-To: <1536441899.22308.11.camel@HansenPartnership.com>
On Sat, Sep 8, 2018 at 2:24 PM, James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
> On Sat, 2018-09-08 at 12:49 -0700, Linus Torvalds wrote:
>> On Sat, Sep 8, 2018, 08:54 James Bottomley <
>> James.Bottomley@hansenpartnership.com> wrote:
>>
>> >
>> > OK, let me make it more specific: there exists no individual
>> > contributing to open source in a leadership capacity for whom a
>> > signable NDA cannot be crafted.
>> >
>>
>> No.
>>
>> I don't sign NDA's. I just don't do it.
>>
>> It's that simple.
>
> But that's you're choice; it's not because legally you can't.
>
>> It's actually worked pretty well. It started because I worked for a
>> direct competitor to Intel, and couldn't sign an NDA for the really
>> old f0 0f lockup issue.
>>
>> Not having an NDA back then turned out to be a good thing, because it
>> made it a non-issue when leaks happened. So I started the policy that
>> I never want to be in the position that I had to worry legally about
>> being in the position of being under an NDA and knowing things
>> outside of the leaks.
>>
>> Instead, I've had a gentleman's agreement with companies - nothing
>> legally binding, but over the years people have come to realize that
>> the leaks don't come from me.
>>
>> So I don't do NDA's. Maybe some Linux Foundation NDA agreement
>> technically covers me, but at least with the Intel cases, Intel is
>> actually aware of my non-NDA situation and is fine with it.
>
> I'm fine with all of this as an argument. If we believe that signing
> NDAs would eventually lead to worse disasters because agreeing to them
> now means corporations never change and never take our views into
> account, then we should have the debate and make the decision for sound
> policy reasons not because there's some spurious legal bar.
>
My NDA is through my company. I would *love* to cancel it and set up
a replacement arrangement through LF or a similar entity, or to just
not replace it at all. My company is not equipped for the kind of
wrangling that would have helped during Meltdown and a couple of other
situations, whereas anything reasonable set up for the purpose would
work much better.
next prev parent reply other threads:[~2018-09-08 22:33 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 19:18 Jiri Kosina
2018-09-06 20:56 ` Linus Torvalds
2018-09-06 21:14 ` Jiri Kosina
2018-09-06 22:51 ` Eduardo Valentin
2018-09-07 9:17 ` Jani Nikula
2018-09-07 14:43 ` David Woodhouse
2018-09-06 22:55 ` Eduardo Valentin
2018-09-07 8:21 ` Geert Uytterhoeven
2018-09-10 23:26 ` Eduardo Valentin
2018-09-11 8:45 ` Greg KH
2018-09-11 17:10 ` Dave Hansen
2018-09-11 18:28 ` Greg KH
2018-09-11 18:44 ` Thomas Gleixner
2018-09-07 13:30 ` Jiri Kosina
2018-09-09 12:55 ` Greg KH
2018-09-09 19:48 ` Jiri Kosina
2018-09-10 4:04 ` Eduardo Valentin
2018-09-12 7:03 ` Greg KH
2018-09-10 4:12 ` Eduardo Valentin
2018-09-10 11:10 ` Mark Brown
2018-09-12 4:22 ` Balbir Singh
2018-09-08 4:21 ` Andy Lutomirski
2018-09-08 8:56 ` Thomas Gleixner
2018-09-08 11:21 ` Mauro Carvalho Chehab
2018-09-08 11:34 ` Greg KH
2018-09-08 14:20 ` Andy Lutomirski
2018-09-08 15:29 ` Greg KH
2018-09-08 15:00 ` James Bottomley
2018-09-08 15:32 ` Greg KH
2018-09-08 15:54 ` James Bottomley
2018-09-08 19:49 ` Linus Torvalds
2018-09-08 21:24 ` James Bottomley
2018-09-08 22:33 ` Andy Lutomirski [this message]
2018-09-09 12:18 ` Mauro Carvalho Chehab
2018-09-10 22:59 ` Dave Hansen
2018-09-11 8:48 ` Greg KH
2018-09-09 12:51 ` Greg KH
2018-09-09 14:20 ` Linus Torvalds
2018-09-09 14:38 ` James Bottomley
2018-09-09 14:51 ` Andy Lutomirski
2018-09-09 17:20 ` Theodore Y. Ts'o
2018-09-09 17:48 ` David Woodhouse
2018-09-09 18:17 ` Andy Lutomirski
2018-09-09 18:56 ` Theodore Y. Ts'o
2018-09-09 19:19 ` Andy Lutomirski
2018-09-09 20:20 ` Jiri Kosina
2018-09-09 21:36 ` James Bottomley
2018-09-10 9:25 ` Thomas Gleixner
2018-09-10 14:40 ` James Bottomley
2018-09-11 8:20 ` Jiri Kosina
2018-09-11 9:03 ` Thomas Gleixner
2018-09-09 19:41 ` Jiri Kosina
2018-09-08 19:26 ` Jiri Kosina
2018-09-08 19:47 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALCETrXwqgX41dmZhG55wGoZvmsn8qUdYMHG5_ne2hH7Oa65=A@mail.gmail.com' \
--to=luto@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=mchehab+samsung@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox