Re: NDA requirements (was: list stuff)

[Brett Porter <br...@apache.org>]

Geir Magnusson Jr wrote:
> 
> 
> Brett Porter wrote:
>> Sorry for the late reply. Not been at the computer most of the last week.
> 
> I know the feeling.  Been sick myself and then a touch of travel.
> 
> List is done.  You have been added as a moderator.   If you don't mind,
> please continue to ask that all get NDAs signed, but don't let that stop
> you from adding a Member - out-of-order is fine for members on the
> theory that there's some [weird] implicit NDA in place...
> 

Thanks Geir. Can I get clarification on one point about the NDA, since
you are the one with the legal responsibility:

a) are non-members whose employer has signed the JSPA required to sign
an individual NDA? (specifically, Steve has raised this with regards to
HP - note that HP is not on the 277 EG itself though)

b) if members of a) are required to sign an NDA, are Sun employees any
exception to this?

Thanks,
Brett

Re: NDA requirements

[Geir Magnusson Jr <ge...@pobox.com>]

Brett Porter wrote:
> Geir Magnusson Jr wrote:
>> Yes, but as I don't follow the discussion, I didn't know if it would be
>> possible to shadow the topics w/o giving away confidential information.
>>  This is the problem - what is confidential....
>>
>> I wonder if you could get assent from the EG to talk about specific
>> concepts  - like tell them what you are doing "I have an interest list
>> that isn't under NDA... can I discuss $foo to see what they think?"
>>
> 
> I think the problem is I have no idea what $foo is at this point. 

You are on the EG :)  You should know what $foo is.

It's a
> chicken and egg problem - we have people interested, but until there is
> understanding of where its at we don't know what is interesting.
> 

Yes, that's true.

> Let's start where we are at now, and see where it takes us.
> 
>> I dunno. I'm trying... :)
> 
> Thanks :)
> 
> - Brett
> 
> 

Re: NDA requirements

[Brett Porter <br...@apache.org>]

Geir Magnusson Jr wrote:
> Yes, but as I don't follow the discussion, I didn't know if it would be
> possible to shadow the topics w/o giving away confidential information.
>  This is the problem - what is confidential....
> 
> I wonder if you could get assent from the EG to talk about specific
> concepts  - like tell them what you are doing "I have an interest list
> that isn't under NDA... can I discuss $foo to see what they think?"
> 

I think the problem is I have no idea what $foo is at this point. It's a
chicken and egg problem - we have people interested, but until there is
understanding of where its at we don't know what is interesting.

Let's start where we are at now, and see where it takes us.

> I dunno. I'm trying... :)

Thanks :)

- Brett

Re: NDA requirements

[Geir Magnusson Jr <ge...@pobox.com>]

Brett Porter wrote:
> Geir Magnusson Jr wrote:
>> Brett et al : do you think it's possible to run this as a completely
>> open list, that the onus is on you to filter and scrub information that
>> you move across the boundary?  IOW, you don't ever forward mail, you
>> don't move code across the boundary...  I don't know what kinds of
>> things are being discussed in the EG, but can concepts be discussed "in
>> general" on the 277 open list?
> 
> I don't think this would be possible until at least the public draft is
> available. Discussing Java modularity out of context of the JSR is a
> rather large topic. My understanding of the list was to allow discussing
> the specifics of the JSR, not general discussion which there are
> probably other forums we could use.

Yes, but as I don't follow the discussion, I didn't know if it would be 
possible to shadow the topics w/o giving away confidential information. 
  This is the problem - what is confidential....

I wonder if you could get assent from the EG to talk about specific 
concepts  - like tell them what you are doing "I have an interest list 
that isn't under NDA... can I discuss $foo to see what they think?"

I dunno. I'm trying... :)


geir

> 
> What did others think/expect?
> 
> - Brett
> 
> 

Re: NDA requirements

[Steve Loughran <st...@apache.org>]

Brett Porter wrote:
> Geir Magnusson Jr wrote:
>> Brett et al : do you think it's possible to run this as a completely
>> open list, that the onus is on you to filter and scrub information that
>> you move across the boundary?  IOW, you don't ever forward mail, you
>> don't move code across the boundary...  I don't know what kinds of
>> things are being discussed in the EG, but can concepts be discussed "in
>> general" on the 277 open list?
> 
> I don't think this would be possible until at least the public draft is
> available. Discussing Java modularity out of context of the JSR is a
> rather large topic. My understanding of the list was to allow discussing
> the specifics of the JSR, not general discussion which there are
> probably other forums we could use.
> 
> What did others think/expect?

I think its best to keep its closed. That way nobody on the mail list 
needs to be circumspect.

One thing I would like you to strive for is making that test suite 
public once the spec goes up, so that when apache goes to do the impl, 
we dont have a secret test suite that you can't discuss in -dev lists, 
post snippets of on bugreps, etc.

Re: NDA requirements

[Brett Porter <br...@apache.org>]

Geir Magnusson Jr wrote:
> Brett et al : do you think it's possible to run this as a completely
> open list, that the onus is on you to filter and scrub information that
> you move across the boundary?  IOW, you don't ever forward mail, you
> don't move code across the boundary...  I don't know what kinds of
> things are being discussed in the EG, but can concepts be discussed "in
> general" on the 277 open list?

I don't think this would be possible until at least the public draft is
available. Discussing Java modularity out of context of the JSR is a
rather large topic. My understanding of the list was to allow discussing
the specifics of the JSR, not general discussion which there are
probably other forums we could use.

What did others think/expect?

- Brett

Re: NDA requirements

[Geir Magnusson Jr <ge...@pobox.com>]

Steve Loughran wrote:
> Geir Magnusson Jr wrote:
>> What's conflicting?   We're trying to avoid messes like these....
> 
> well, its just the problem of having do another NDA. Theres no conflict 
> of interest yet, but if I get to find out something on the mail list 
> that I shouldnt disclose to HP, then I have a problem, and I dont want 
> to go there. Its a bit like how I make a point of never looking at the 
> source to unix, winnt, vms or java, even though they are on filestores 
> somewhere, because it makes it harder to write OSS code.

Right. The issue here seems to be the confidentiality requirement of the 
material, rather than the NDA itself.  If it was a verbal agreement, 
you'd be bound by same conditions, and have the same problems.  This is 
why the JCP thing is so awful, and why we push to open it where and when 
we can.  The whole discussion of whether or not a member signs an NDA, 
or agrees to same conditions, doesn't change anything.

Brett et al : do you think it's possible to run this as a completely 
open list, that the onus is on you to filter and scrub information that 
you move across the boundary?  IOW, you don't ever forward mail, you 
don't move code across the boundary...  I don't know what kinds of 
things are being discussed in the EG, but can concepts be discussed "in 
general" on the 277 open list?

geir

Re: NDA requirements

[Steve Loughran <st...@apache.org>]

Geir Magnusson Jr wrote:
> What's conflicting?   We're trying to avoid messes like these....

well, its just the problem of having do another NDA. Theres no conflict 
of interest yet, but if I get to find out something on the mail list 
that I shouldnt disclose to HP, then I have a problem, and I dont want 
to go there. Its a bit like how I make a point of never looking at the 
source to unix, winnt, vms or java, even though they are on filestores 
somewhere, because it makes it harder to write OSS code.

-steve

Re: NDA requirements

[Geir Magnusson Jr <ge...@pobox.com>]

What's conflicting?   We're trying to avoid messes like these....

Steve Loughran wrote:
> Geir Magnusson Jr wrote:
>>
>>
>> Brett Porter wrote:
> 
>>>
>>> a) are non-members whose employer has signed the JSPA required to sign
>>> an individual NDA? (specifically, Steve has raised this with regards to
>>> HP - note that HP is not on the 277 EG itself though)
>>
>> Yes.  I'm sure that someone better versed in law will put this better, 
>> but any arrangements between Sun, HP and Steve (in whatever order) 
>> have nothing to do with arrangements between Sun, ASF and Steve.  It's 
>> not like a drivers license or something, for which states grant 
>> reciprocal recognition.  It's not done for gun permits, for some 
>> reason... :)
>>
>>>
>>> b) if members of a) are required to sign an NDA, are Sun employees any
>>> exception to this?
>>
>> That's a great question, and I still think the answer is yes, because 
>> we have no visibility or reliance on arrangements between Sun and its 
>> employees.
>>
>> TO me, the cleanest approach is to ask everyone to sign the NDA.  It 
>> was written deliberately to be as simple and loose as possible because 
>> we're just trying to demonstrate responsible oversight, rather than 
>> try and hose people with stupid process.  If Steve has a problem, and 
>> has a suggestion to make it even simpler or looser, I'm certainly all 
>> ears...
> 
> It's probably best I steer clear of conflicting NDAs, because that only 
> complicates my life, as does talking to lawyers.
> 
> If that means staying off the 277 list until I do sit down and talk to 
> the legal dept, then so be it.
> 
> -steve
> 
> 

Re: NDA requirements

[Steve Loughran <st...@apache.org>]

Geir Magnusson Jr wrote:
> 
> 
> Brett Porter wrote:

>>
>> a) are non-members whose employer has signed the JSPA required to sign
>> an individual NDA? (specifically, Steve has raised this with regards to
>> HP - note that HP is not on the 277 EG itself though)
> 
> Yes.  I'm sure that someone better versed in law will put this better, 
> but any arrangements between Sun, HP and Steve (in whatever order) have 
> nothing to do with arrangements between Sun, ASF and Steve.  It's not 
> like a drivers license or something, for which states grant reciprocal 
> recognition.  It's not done for gun permits, for some reason... :)
> 
>>
>> b) if members of a) are required to sign an NDA, are Sun employees any
>> exception to this?
> 
> That's a great question, and I still think the answer is yes, because we 
> have no visibility or reliance on arrangements between Sun and its 
> employees.
> 
> TO me, the cleanest approach is to ask everyone to sign the NDA.  It was 
> written deliberately to be as simple and loose as possible because we're 
> just trying to demonstrate responsible oversight, rather than try and 
> hose people with stupid process.  If Steve has a problem, and has a 
> suggestion to make it even simpler or looser, I'm certainly all ears...

It's probably best I steer clear of conflicting NDAs, because that only 
complicates my life, as does talking to lawyers.

If that means staying off the 277 list until I do sit down and talk to 
the legal dept, then so be it.

-steve

Re: NDA requirements

[Geir Magnusson Jr <ge...@pobox.com>]

Brett Porter wrote:
> Geir Magnusson Jr wrote:
>>
>> Brett Porter wrote:
>>> Sorry for the late reply. Not been at the computer most of the last week.
>> I know the feeling.  Been sick myself and then a touch of travel.
>>
>> List is done.  You have been added as a moderator.   If you don't mind,
>> please continue to ask that all get NDAs signed, but don't let that stop
>> you from adding a Member - out-of-order is fine for members on the
>> theory that there's some [weird] implicit NDA in place...
>>
> 
> Thanks Geir. Can I get clarification on one point about the NDA, since
> you are the one with the legal responsibility:

Ultimately it's the ASF, but given we have no D&O insurance, I suppose 
that in some twisted and alternative universe that I hope never to live 
in, my house is on the line...  I keep thinking that it would be prudent 
to put in my wife's name, so when I go off to JCP Process Prison, her 
and the kids aren't tossed out into the mean streets :)  I actually 
don't think there is real risk here, but of our keister is well-covered 
by a simple piece of paper...

> 
> a) are non-members whose employer has signed the JSPA required to sign
> an individual NDA? (specifically, Steve has raised this with regards to
> HP - note that HP is not on the 277 EG itself though)

Yes.  I'm sure that someone better versed in law will put this better, 
but any arrangements between Sun, HP and Steve (in whatever order) have 
nothing to do with arrangements between Sun, ASF and Steve.  It's not 
like a drivers license or something, for which states grant reciprocal 
recognition.  It's not done for gun permits, for some reason... :)

> 
> b) if members of a) are required to sign an NDA, are Sun employees any
> exception to this?

That's a great question, and I still think the answer is yes, because we 
have no visibility or reliance on arrangements between Sun and its 
employees.

TO me, the cleanest approach is to ask everyone to sign the NDA.  It was 
written deliberately to be as simple and loose as possible because we're 
just trying to demonstrate responsible oversight, rather than try and 
hose people with stupid process.  If Steve has a problem, and has a 
suggestion to make it even simpler or looser, I'm certainly all ears...

geir

> 
> Thanks,
> Brett
> 
>