[dpdk-dev] [PATCH 1/2] doc/security: clarify pre-release end of the embargo date
Ferruh Yigit
ferruh.yigit at intel.com
Mon Jun 17 18:06:47 CEST 2019
Clarify that a fixed date will be used for end of embargo (public
disclosure) date while communicating with downstream stakeholders.
Initial document got a review that it gives an impression that
communicated embargo date can be a range like 'less than a week' which
is not the case. The range applies when defining the end of the embargo
date but a fix date will be communicated.
Signed-off-by: Ferruh Yigit <ferruh.yigit at intel.com>
---
doc/guides/contributing/vulnerability.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst
index a4bef4857..0d8432d56 100644
--- a/doc/guides/contributing/vulnerability.rst
+++ b/doc/guides/contributing/vulnerability.rst
@@ -182,7 +182,7 @@ When the fix is ready, the security advisory and patches are sent
to downstream stakeholders
(`security-prerelease at dpdk.org <mailto:security-prerelease at dpdk.org>`_),
specifying the date and time of the end of the embargo.
-The public disclosure should happen in **less than one week**.
+The communicated public disclosure date should be **less than one week**
Downstream stakeholders are expected not to deploy or disclose patches
until the embargo is passed, otherwise they will be removed from the list.
--
2.21.0
More information about the dev
mailing list