> I don't think we could agree to the NDA even if we wanted to because I already tweeted about the incident before being offered compensation
NDAs usually exclude from the definition of confidential information anything disclosed before the fact. They also don’t typically restrict you from letting regulators, et cetera know things.
Unless you were planning on writing a book about the experience, the NDA probably wasn’t restricting you. Unless you were planning on going to court, the arbitration clause probably made your ability to seek redress cheaper.
Note: I am not a lawyer. This is not legal advice.
> The fact that 'contact Onity, then disclose publicly after a reasonable period of time' is nowhere on his list just blows my mind.
That's the very first thing on the list. Quote: "The standard 'Responsible Disclosure' approach would be to notify Onity and give them X months to deal with the issue before taking it public."
>> You've likely already broken your NDA by admitting you signed one or that one exists
In my opinion, and I'm not a lawyer, you aren't violating an NDA by stating an NDA exists unless the NDA explicitly states to not state that it exists. He did not disclose anything about the NDA or parties signed to it or any content that the NDA covers.
We can reasonably assume that the postmortem is truthful. Since they’re a publicly traded company, lying about this incident would be a quick way to turn an embarrassment into a felony.
> once that party has been shown to act maliciously, extra scrutiny is warranted
It's nonsense that they acted maliciously. The original research was handled terribly, but it was not malicious. They intended to help, not hurt, even if they did so very poorly.
Further, that is one advisor, whose name is not being dragged. Aditya's name, however, is, thanks to Greg's slanderous comments.
https://twitter.com/_mackal/status/1384910754151866370
"The simple fact that Aditya Pakki is so butt hurt proves this
wasn't in good faith and their only reason for doing it is to
shit out another hit piece. That email you quoted is fucking insane."
Does that seem right to you? Are these the "consequences" you think are justified, because Aditya was trying to add legitimate patches for a tool he was working on to contribute to the kernel?
All the more reason to not give them the benefit of the doubt with shit like this. If they say something flat out, that has some weight since there could be legal repercussions for lying (in theory anyway.) But not saying anything and letting people infer whatever they want? That's how companies with PR and Legal teams like to cover their asses instead of outright lying. The company says nothing and lets their supporters invent whatever headcanon is most flattering. I don't go in for that.
> If you're fine with that, cool, but don't pretend he didn't do anything.
Don't speak for me. I never said he did the right thing. I said stop spinning what-ifs about it, but clearly what I should have said is STFU and do something about it. People getting in each other's grill isn't doing something about it. It's blaming others for whatever issues we, as a group, find polarizing.
> he mentioned it privately and doesn't seem to want to air dirty laundry more than he has to.
Unfortunately, it seems we're getting the worst of both worlds: The dirty laundry is being aired in this thread, but the actual details are being withheld.
From the Tweet thread:
> they've also taken steps to marginalize the core team. and some other dirty shit I won't say rn.
I'm not a fan of these "just trust me" accusations.
Bullshit, before you even finish the sentence. You didn't ask, you accused. Did you read the context of the tweets you linked?