On 23/01/2020 20.43, Eric Blake wrote: > On 1/23/20 11:11 AM, Thomas Huth wrote: >> One reporter of a security issue recently complained that it might not >> be the best idea to store our "Security Process" in the Wiki. Well, while >> the page in the Wiki is protected (so that only some few people can edit >> it), it is still possible that someone might find a bug in the Wiki >> software to alter the page contents... >> Anyway, it looks more trustworthy if we present the "Security Process" >> information in the static website instead. Thus this patch adds the >> information from the wiki to the Jekyll-based website now. >> >> Signed-off-by: Thomas Huth <th...@redhat.com> >> --- >> v2: Improved some sentences as suggested by Paolo >> > >> +### Publication embargo >> + >> +As a security issue reported, that is not already publically disclosed > > publicly > >> +elsewhere, has an embargo date assigned and communicated to reporter. >> Embargo > > Reads awkwardly. I'd suggest: > > If a security issue is reported that is not already publicly disclosed, > an embargo date may be assigned and communicated to the reporter.
Ok, thanks, I've added your suggestions and pushed the changes now to the website. To the people on CC: ... could someone please update the wiki page (https://wiki.qemu.org/SecurityProcess) to point to https://www.qemu.org/contribute/security-process/ instead? ... I don't have write access to that page, so I can not do that on my own. Thomas
