Hi,
Please vote +1, 0, -1 with explanation as usual. You can reply publicly or in private and I will collate results on the 9th.
Regards Lars
--- Specific process ... 4. Advisory pre-release:
This occurs only if the advisory is embargoed (ie, the problem is not already public):
As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list.
For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date. ---
Proposed text (this adds an additional paragraph, while leaving the existing text as-is): --- Specific process ... 4. Advisory pre-release:
This occurs only if the advisory is embargoed (ie, the problem is not already public):
As soon as our advisory is available, we will send it, including patches, to members of the Xen security pre-disclosure list.
In the event that we do not have a patch available two working weeks before the disclosure date, we aim to send an advisory that reflects the current state of knowledge to the Xen security pre-disclosure list. An updated advisory will be published as soon as available.
For more information about this list, see below. At this stage the advisory will be clearly marked with the embargo date. --- |