Message-ID: <20181020192845.48b8b860@alans-desktop>
Date:   Sat, 20 Oct 2018 19:28:45 +0100
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel <linux-kernel@...r.kernel.org>,
        ksummit-discuss@...ts.linuxfoundation.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Olof Johansson <olof@...om.net>, Chris Mason <clm@...com>,
        Mishi Choudhary <mishi@...ux.com>
Subject: Re: [PATCH 6/7] Code of Conduct: Change the contact email address


> +to the circumstances. The Code of Conduct Committee is obligated to
> +maintain confidentiality with regard to the reporter of an incident.
> +Further details of specific enforcement policies may be posted
> +separately.
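
Review bot: The last added sentence, "Further details of specific enforcement policies may be posted separately", does not say where those details would be posted, so a reader of the document has no way to find them. Consider naming the location, or a file in the tree, once it exists.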

Unfortunately by ignoring the other suggestions on this you've left this
bit broken.

The committee can't keep most stuff confidential so it's misleading and
wrong to imply they can. Data protection law, reporting laws in some
countries and the like mean that anyone expecting an incident to remain
confidential from the person it was reported against is living in
dreamland and is going to get a nasty shock.

At the very least it should say '(except where required by law)'.

There is a separate issue that serious things should always go to law
enforcement - you are setting up a policy akin to the one that got the
Catholic Church and many others in trouble.

You should also be reserving the right to report serious incidents directly
to law enforcement. Unless of course you want to be forced to sit on
multiple reports of physical abuse from different people about
someone - unable to tell them about each other's report, unable to prove
anything, and in twenty years time having to explain to the media why
nothing was done.

Alan
