The prior consultation clause should applies to all disclosure
exceptions.  The list end appears to have been moved by mistake.  So
put it back.

Also, no longer suggest that predisclosure list members should consult
with the discoverer, since the discoverer is not generally known to
predisclosure list members.

Signed-off-by: Ian Jackson <ijack...@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com>
---
 security_vulnerability_process.html |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security_vulnerability_process.html 
b/security_vulnerability_process.html
index 2d32e51..7412652 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -200,9 +200,10 @@ partners:</p>
   <li>the impact, scope, set of vulnerable systems or the nature of
   the vulnerability</li>
   <li>revision control commits which are a fix for the problem</li>
-  <li>patched software (even in binary form) without prior
-  consultation with security@xenproject and/or the discoverer.</li>
+  <li>patched software (even in binary form)</li>
 </ul>
+without prior
+consultation with security@xenproject.
 <p>List members are allowed to make available to their users only the
 following:</p>
 <ul>
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to