The prior consultation clause should applies to all disclosure
exceptions. The list end appears to have been moved by mistake. So
put it back.
Also, no longer suggest that predisclosure list members should consult
with the discoverer, since the discoverer is not generally known to
predisclosure list members.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
<li>the impact, scope, set of vulnerable systems or the nature of
the vulnerability</li>
<li>revision control commits which are a fix for the problem</li>
- <li>patched software (even in binary form) without prior
- consultation with security@xenproject and/or the discoverer.</li>
+ <li>patched software (even in binary form)</li>
</ul>
+without prior
+consultation with security@xenproject.
<p>List members are allowed to make available to their users only the
following:</p>
<ul>