On Mon, Jan 27, 2020 at 11:00:29AM +0100, Thomas Huth wrote: > On 23/01/2020 20.43, Eric Blake wrote: > > On 1/23/20 11:11 AM, Thomas Huth wrote: > >> One reporter of a security issue recently complained that it might not > >> be the best idea to store our "Security Process" in the Wiki. Well, while > >> the page in the Wiki is protected (so that only some few people can edit > >> it), it is still possible that someone might find a bug in the Wiki > >> software to alter the page contents... > >> Anyway, it looks more trustworthy if we present the "Security Process" > >> information in the static website instead. Thus this patch adds the > >> information from the wiki to the Jekyll-based website now. > >> > >> Signed-off-by: Thomas Huth <th...@redhat.com> > >> --- > >> v2: Improved some sentences as suggested by Paolo > >> > > > >> +### Publication embargo > >> + > >> +As a security issue reported, that is not already publically disclosed > > > > publicly > > > >> +elsewhere, has an embargo date assigned and communicated to reporter. > >> Embargo > > > > Reads awkwardly. I'd suggest: > > > > If a security issue is reported that is not already publicly disclosed, > > an embargo date may be assigned and communicated to the reporter. > > Ok, thanks, I've added your suggestions and pushed the changes now to > the website. > > To the people on CC: ... could someone please update the wiki page > (https://wiki.qemu.org/SecurityProcess) to point to > https://www.qemu.org/contribute/security-process/ instead? ... I don't > have write access to that page, so I can not do that on my own. > > Thomas
Stefan I think you can do it right? -- MST
