= Confidentiality
Security Project Members are required to keep information learned through
channels where this would be expected confidential. Such channels would
include, but is not limited to, (i) explicit embargoed information provided
through pre-notification procedures, (ii) auditing work, either internal or
provided by an external source through established communication channels for
such matters (inter alia encrypted email and bugzilla), (iii) any other such
information that is marked as confidential by the source. Access to other
Gentoo Developers or other third parties must only be granted on a need to
know basis, and others gaining such access are similarly required to keep the
information confidential.