Group Proposal, for discussion: Vulnerability Group
Volker Simonis
volker.simonis at gmail.com
Thu Oct 12 07:38:54 UTC 2017
Hi,
what's the current status of this group/proposal?
Can you please at least post a final version of the "OPENJDK
VULNERABILITY GROUP NONDISCLOSURE AND LICENSE AGREEMENT"? The one you
cite (http://cr.openjdk.java.net/~mr/ojvg/ojvg-ndla-draft-2017-01-23.pdf)
is still marked as "Draft". I really want to get this agreement signed
by my employer but I'm currently stuck because it makes little sense
to sign a draft document.
Thank you and best regards,
Volker
On Tue, Sep 5, 2017 at 8:38 PM, Martijn Verburg
<martijnverburg at gmail.com> wrote:
> Hi Mark,
>
> Apologies for the radio silence. I was going to suggest edits de-emphasising
> Oracle's leadership / central role in this group, not because Oracle
> doesn't deserve to or have the right to lead, but more that I wanted to see
> the principles of shared vulnerability ownership (across all the vendors)
> front and center in the proposal.
>
> After a careful re-read of the doc I've realised that my impression was
> plain wrong and that the shared ownership is very much advocated.
>
> Thanks again for proposing this important group, it's really good to see!
>
>
>
> Cheers,
> Martijn
>
> On 24 August 2017 at 22:16, <mark.reinhold at oracle.com> wrote:
>
>> 2017/8/24 10:33:41 -0700, martijnverburg at gmail.com:
>> > Totally applaud this idea! I have some suggested wording changes that
>> > might be easiest to suggest as a diff or some sort of track changes on
>> the
>> > original text. Do you have a preferred mechanism for that type of
>> feedback?
>>
>> If you'd like to propose a patch, I've posted the Markdown source here:
>>
>> http://cr.openjdk.java.net/~mr/ojvg/ojvg.md
>>
>> - Mark
>>
More information about the discuss
mailing list