[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH SECURITY-POLICY 7/9] Clarify and fix prior consultation text

The prior consultation clause should applies to all disclosure
exceptions.  The list end appears to have been moved by mistake.  So
put it back.

Also, no longer suggest that predisclosure list members should consult
with the discoverer, since the discoverer is not generally known to
predisclosure list members.

Signed-off-by: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
 security_vulnerability_process.html |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security_vulnerability_process.html 
index d1d40ca..2d7c43e 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -200,9 +200,10 @@ partners:</p>
   <li>the impact, scope, set of vulnerable systems or the nature of
   the vulnerability</li>
   <li>revision control commits which are a fix for the problem</li>
-  <li>patched software (even in binary form) without prior
-  consultation with security@xenproject and/or the discoverer.</li>
+  <li>patched software (even in binary form)</li>
+without prior
+consultation with security@xenproject.
 <p>List members are allowed to make available to their users only the

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.