| Message ID | 20190617160648.8506-1-ferruh.yigit@intel.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Delegated to: | Thomas Monjalon |
| Headers | show |
| Series | [1/2] doc/security: clarify pre-release end of the embargo date | expand |
| Context | Check | Description |
|---|---|---|
| ci/checkpatch | success | coding style OK |
| ci/Intel-compilation | success | Compilation OK |
> -----Original Message----- > From: Yigit, Ferruh > Sent: Monday, June 17, 2019 5:07 PM > To: Mcnamara, John <john.mcnamara@intel.com>; Kovacevic, Marko > <marko.kovacevic@intel.com> > Cc: dev@dpdk.org; Thomas Monjalon <thomas@monjalon.net>; Maxime Coquelin > <maxime.coquelin@redhat.com> > Subject: [PATCH 1/2] doc/security: clarify pre-release end of the embargo > date > > Clarify that a fixed date will be used for end of embargo (public > disclosure) date while communicating with downstream stakeholders. > > Initial document got a review that it gives an impression that > communicated embargo date can be a range like 'less than a week' which is > not the case. The range applies when defining the end of the embargo date > but a fix date will be communicated. > Acked-by: John McNamara <john.mcnamara@intel.com>
30/07/2019 13:16, Mcnamara, John: > From: Yigit, Ferruh > > Sent: Monday, June 17, 2019 5:07 PM > > > > Clarify that a fixed date will be used for end of embargo (public > > disclosure) date while communicating with downstream stakeholders. > > > > Initial document got a review that it gives an impression that > > communicated embargo date can be a range like 'less than a week' which is > > not the case. The range applies when defining the end of the embargo date > > but a fix date will be communicated. > > > > Acked-by: John McNamara <john.mcnamara@intel.com> I don't know why these old patches were still pending. Series applied, better late than never :)
diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index a4bef4857..0d8432d56 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst @@ -182,7 +182,7 @@ When the fix is ready, the security advisory and patches are sent to downstream stakeholders (`security-prerelease@dpdk.org <mailto:security-prerelease@dpdk.org>`_), specifying the date and time of the end of the embargo. -The public disclosure should happen in **less than one week**. +The communicated public disclosure date should be **less than one week** Downstream stakeholders are expected not to deploy or disclose patches until the embargo is passed, otherwise they will be removed from the list.
Clarify that a fixed date will be used for end of embargo (public disclosure) date while communicating with downstream stakeholders. Initial document got a review that it gives an impression that communicated embargo date can be a range like 'less than a week' which is not the case. The range applies when defining the end of the embargo date but a fix date will be communicated. Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> --- doc/guides/contributing/vulnerability.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)