On Thu, Apr 26, 2007 at 02:41:02AM -0600, Scott Long wrote:
> Yar Tikhiy wrote:
> >On Thu, Apr 26, 2007 at 12:42:14AM -0600, Scott Long wrote:
> >>Yar Tikhiy wrote:
> >>>On Wed, Apr 25, 2007 at 02:41:00PM -0400, Stephan Uphoff wrote:
> >>>>Yar Tikhiy wrote:
> >>>>>On Sat, Apr 21, 2007 at 09:54:12AM -0600, Coleman Kane wrote:
> >>>>>
> >>>>>>On Sat, 2007-04-21 at 17:03 +0200, Andre Oppermann wrote:
> >>>>>>
> >>>>>>>Stephan Uphoff wrote:
> >>>>>>>
> >>>>>>>>ups 2007-04-21 14:17:30 UTC
> >>>>>>>>
> >>>>>>>>FreeBSD src repository
> >>>>>>>>
> >>>>>>>>Modified files:
> >>>>>>>> sys/amd64/amd64 pmap.c
> >>>>>>>> sys/i386/i386 pmap.c
> >>>>>>>>Log:
> >>>>>>>>Modify TLB invalidation handling.
> >>>>>>>>
> >>>>>>>>Reviewed by: alc@, peter@
> >>>>>>>>MFC after: 1 week
> >>>>>>>>
> >>>>>>>Could you be a bit more verbose what changed here and why it
> >>>>>>>was done?
> >>>>>>>
> >>>>>>>
> >>>>>>I agree. I would really like to know what the modification
> >>>>>>accomplishes.
> >>>>>>
> >>>>>Alas, we don't live in an ideal world. If we did, our commit
> >>>>>messages would always follow the well-known guideline:
> >>>>>
> >>>>>0. Tell the essence of the change.
> >>>>>1. Give the reason for the change.
> >>>>>2. Explain the change unless it's trivial.
> >>>>>
> >>>>>
> >>>>In the ideal world there are no NDAs :-)
> >>>Was the change based on a document under NDA? Then this case raises
> >>>an interesting question: to what extent an open source developer
> >>>is allowed to explain his code that was based on a document under
> >>>NDA? Of course, it should depend on the NDA, but I suspect that a
> >>>typical NDA requires a lawyer to interpret it unambiguously (I've
> >>>never signed one by myself), and an overcautious lawyer would say
> >>>that the open source code itself violates the NDA because anybody
> >>>can RTFS. :-)
> >>>
> >>Wow, that was painful to read. NDAs that specifically allow source
> >>code licensing and distribution are quite common. They even get written
> >>and reviewed by lawyers! =-)
> >
> >It's a good news! But what about explaining the code to the public?
> >
> >- Mr. Developer, why does it take an ugly hack to make the device work?
> >- Can't tell ya, I'm under NDA.
> >
>
> I think you have to respect that John and Stephan were doing the right
> thing with this. This was no different than a security fix that gets
> committed before the vulnerability is disclosed. No one seems to get
> upset that the security team operates this way.

John and Stephan are doing a great job in any case, but I fail to
understand your point. I can't see how the two cases can be the same.
A fixed vulnerability is no longer a threat to security, but an NDA
doesn't get cancelled upon the commit. So I was curious about how
much knowledge a developer is legally allowed to relay to the community
besides the code itself if he is tied by an NDA.

-- 
Yar
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"