>>> On 15.02.17 at 17:37, <george.dun...@citrix.com> wrote: > On 15/02/17 09:44, Jan Beulich wrote: >>>>> On 14.02.17 at 18:25, <george.dun...@citrix.com> wrote: >>> 4. The security team will only issue an advisory if there is a known >>> combination of software in which the vulnerability can be exploited. >> >> Considering the following text, perhaps "may" would end up a little >> less strict here than "can"? Or add "possibly"? Everything else looks >> good to me now, fwiw. > > I understand your concern, I think: There are lots of situations that > won't be black-and-white (because of lack of knowledge), and this makes > it sound like we won't issue an advisory for any gray areas. > > I don't think in this context "can" and "may" have significantly > different meanings in English. > > How about: > > 4. The security team will only issue an advisory if there is a known > combination of software in which the vulnerability can be exploited, or > a significant risk that such a combination exists.
That sounds fine. Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
