Hi,
in accordance with the project's governance, I would like to put the following
text changes to a committer vote (committers are on the TO list). The
discussion leading to the changes can be found at
http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html
<http://lists.xenproject.org/archives/html/xen-devel/2015-05/msg02881.html>
Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in
private and I will collate results on the 9th.
Regards
Lars
Old text in http://www.xenproject.org/security-policy.html
<http://www.xenproject.org/security-policy.html>
---
Specific process
...
4. Advisory pre-release:
This occurs only if the advisory is embargoed (ie, the problem is not already
public):
As soon as our advisory is available, we will send it, including patches, to
members of the Xen security pre-disclosure list.
For more information about this list, see below. At this stage the advisory
will be clearly marked with the embargo date.
---
Proposed text (this adds an additional paragraph, while leaving the existing
text as-is):
---
Specific process
...
4. Advisory pre-release:
This occurs only if the advisory is embargoed (ie, the problem is not already
public):
As soon as our advisory is available, we will send it, including patches, to
members of the Xen security pre-disclosure list.
In the event that we do not have a patch available two working weeks before the
disclosure date, we aim to send an advisory that reflects the current state of
knowledge to the Xen security pre-disclosure list. An updated advisory will be
published as soon as available.
For more information about this list, see below. At this stage the advisory
will be clearly marked with the embargo date.
---
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
