Message ID | 20220310175947.273850-1-luca.boccassi@gmail.com (mailing list archive) |
---|---|
State | New |
Delegated to: | Thomas Monjalon |
Headers | show |
Series | doc: relax requirement on commit messages of security fixes | expand |
Context | Check | Description |
---|---|---|
ci/iol-abi-testing | success | Testing PASS |
ci/iol-aarch64-compile-testing | success | Testing PASS |
ci/iol-x86_64-unit-testing | success | Testing PASS |
ci/iol-x86_64-compile-testing | success | Testing PASS |
ci/iol-aarch64-unit-testing | success | Testing PASS |
ci/iol-intel-Functional | success | Functional Testing PASS |
ci/iol-intel-Performance | success | Performance Testing PASS |
ci/github-robot: build | success | github build: passed |
ci/intel-Testing | success | Testing PASS |
ci/Intel-compilation | success | Compilation OK |
ci/iol-mellanox-Performance | success | Performance Testing PASS |
ci/checkpatch | success | coding style OK |
diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index b6300252ad..fc60e02e37 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst @@ -170,7 +170,10 @@ The patches fixing the vulnerability are developed and reviewed by the security team and by elected area experts that agree to maintain confidentiality. -The CVE id and the bug id must be referenced in the patch. +The CVE id and the bug id must be referenced in the patch if there is no +embargo, or if there is an embargo, but it will be lifted when the release +including the patch is published. If the embargo is going to be lifted after the +release, then the CVE and bug ids must be omitted from the commit message. Backports to the identified affected versions are done once the fix is ready.