Message-Id: <20190910172649.74639177@viggo.jf.intel.com>
Date:   Tue, 10 Sep 2019 10:26:49 -0700
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     Dave Hansen <dave.hansen@...ux.intel.com>, corbet@....net,
        gregkh@...uxfoundation.org, sashal@...nel.org, ben@...adent.org.uk,
        tglx@...utronix.de, labbott@...hat.com, andrew.cooper3@...rix.com,
        tsoni@...eaurora.org, keescook@...omium.org, tony.luck@...el.com,
        linux-doc@...r.kernel.org, dan.j.williams@...el.com
Subject: [PATCH 2/4] Documentation/process: describe relaxing disclosing party NDAs


From: Dave Hansen <dave.hansen@...ux.intel.com>

Hardware companies like Intel have lots of information which they
want to disclose to some folks but not others.  Non-disclosure
agreements are a tool of choice for helping to ensure that the
flow of information is controlled.

But, they have caused problems in mitigation development.  It
can be hard for individual developers employed by companies to
figure out how they can participate, especially if their
employer is under an NDA.

To make this easier for developers, make it clear to disclosing
parties that they are expected to give permission for individuals
to participate in mitigation efforts.

Cc: Jonathan Corbet <corbet@....net>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Sasha Levin <sashal@...nel.org>
Cc: Ben Hutchings <ben@...adent.org.uk>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Laura Abbott <labbott@...hat.com>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>
Cc: Trilok Soni <tsoni@...eaurora.org>
Cc: Kees Cook <keescook@...omium.org>
Cc: Tony Luck <tony.luck@...el.com>
Cc: linux-doc@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Acked-by: Dan Williams <dan.j.williams@...el.com>
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
---

 b/Documentation/process/embargoed-hardware-issues.rst |    7 +++++++
 1 file changed, 7 insertions(+)

diff -puN Documentation/process/embargoed-hardware-issues.rst~hw-sec-0 Documentation/process/embargoed-hardware-issues.rst
--- a/Documentation/process/embargoed-hardware-issues.rst~hw-sec-0	2019-09-10 08:39:02.835488131 -0700
+++ b/Documentation/process/embargoed-hardware-issues.rst	2019-09-10 08:39:02.838488131 -0700
@@ -74,6 +74,13 @@ unable to enter into any non-disclosure
 is aware of the sensitive nature of such issues and offers a Memorandum of
 Understanding instead.
 
+Disclosing parties may have shared information about an issue under a
+non-disclosure agreement with third parties.  In order to ensure that
+these agreements do not interfere with the mitigation development
+process, the disclosing party must provide explicit permission to
+participate to any response team members affected by a non-disclosure
+agreement.  Disclosing parties must resolve requests to do so in a
+timely manner.
 
 Memorandum of Understanding
 ---------------------------
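
Review bot: In the added paragraph, "must provide explicit permission to participate to any response team members" is hard to parse, because "to participate to" reads as if the participation were directed at the members. Consider "must explicitly permit any response team members affected by a non-disclosure agreement to participate". The closing sentence also leaves "timely manner" undefined and does not say who raises the request or where it is sent. Naming the requester and a contact or channel would make the requirement something a developer can act on.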
_
