www-jcp-open mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: TSFKAJ
Date Sun, 15 Jul 2007 11:24:36 GMT
Geir Magnusson Jr. wrote:
> On Jul 15, 2007, at 12:29 AM, William A. Rowe, Jr. wrote:
>> Geir Magnusson Jr. wrote:
>>> The point I'm trying to make is that the basic notions of an NDA - to
>>> agree not to disclose information given to you in a specific context
>>> except to those who have agreed to the same conditions - are the same
>>> basic notions of a private list, which we accept.
>> With respect to technical or code discussions?  That would come as a huge
>> surprise and shock to me.
> We do for security lists.  And the only code discussions that would fall
> under the JCP NDA is if you are discussing Sun's TCK code.  It doesn't
> apply to ASF code of course.  So let's not confuse the issue.

Uhm - of course in 20/20 hindsight, the details of a security issue are
public.  In general the original report is made plain and public after
a chance to remedy the bug.  (Sometimes, before).

We don't do a good job, and we ought to, of republishing the details of
the security discussion once the security issue has been resolved.

> I take it then, Bill, that if the ASF asked every PMC member to sign an
> NDA to join the PMC's private@*.apache.org lists, that would be ok with
> you?


> For example, if you took
>   http://www.apache.org/jcp/ApacheNDA.pdf
> and tweaked it so that it wasn't only about "confidential materials"
> from "third parties", wouldn't it represent the state of affairs that we
> hope exists for private@*, members@*, board@*, etc?

Perhaps, and again, no, ApacheNDA.pdf is superfluous.

> I imagine that under the right circumstances, someone could do quite a
> bit of damage with some of the info floating around on various private
> lists...

And they have, in the past.  The point is, we are unlikely to sue.  We are
more likely to remove the individual from participation on such forums.

But once they are informed of the confidential nature of private@ pmc lists
we use to discuss **people issues**, and once they know the license that
binds them for TCK usage terms, we need to give our participants a *little*
credit that they will follow such policies.  I'm totally against having them
sign an NDA to that effect.

