xenbits.xensource.com Git - people/larsk/security-process.git/commitdiff
Patch review, expert advice and targeted fixes
author Ian Campbell <ian.campbell@citrix.com>
Thu, 16 Aug 2012 15:05:01 +0000 (16:05 +0100)
committer Ian Campbell <ian.campbell@citrix.com>
Thu, 23 Aug 2012 11:29:25 +0000 (12:29 +0100)
See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
    "Patch development and review"

security_vulnerability_process.html

index b8ce69d0d9a57e03a4076a6833fbeba19b0e2773..d307c53e45f348fd0036e96662bae74335d142a9 100644 (file)
@@ -109,8 +109,13 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
        process.</p></li>
        <p>(This may rely on the other project(s) having
        documented and responsive security contact points)</p>
-    <li><p>We will prepare or check patch(es) which fix the vulnerability.
-       This would ideally include all relevant backports.</p></li>
+    <li><p>We will prepare or check patch(es) which fix the
+       vulnerability.  This would ideally include all relevant
+       backports.  Patches will be tightly targeted on fixing the
+       specific security vulnerability in the smallest, simplest and
+       most reliable way.  Where necessary domain specific experts
+       within the community will be brought in to help with patch
+       preparation.</p></li>
     <li><p>We will determine which systems/configurations/versions are
        vulnerable, and what the impact of the vulnerability is.
        Depending on the nature of the vulnerability this may involve
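Review bot: The added sentence "Where necessary domain specific experts within the community will be brought in" does not say who decides to involve an expert or what handling rules apply to the vulnerability details that expert is shown. Suggest extending it with a clause naming the deciding party and stating that anyone brought in is subject to the same handling rules as the rest of this process. Two smaller points: "domain specific" should be hyphenated as "domain-specific", and the unchanged context above the change has a <p> placed after </li> and outside any list item, which could be tidied in a follow-up.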