Clarifications to predisclosure list subscription instructions

author Ian Campbell <ian.campbell@citrix.com>

Thu, 16 Aug 2012 14:11:18 +0000 (15:11 +0100)

committer Ian Campbell <ian.campbell@citrix.com>

Thu, 23 Aug 2012 11:29:02 +0000 (12:29 +0100)
author Ian Campbell <ian.campbell@citrix.com>
Thu, 16 Aug 2012 14:11:18 +0000 (15:11 +0100)
committer Ian Campbell <ian.campbell@citrix.com>
Thu, 23 Aug 2012 11:29:02 +0000 (12:29 +0100)
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html

index eff108a5570312ccd4a7d7fc12c480eda861149c..0557556f2802310f65998e74ec25aeb83b4f679a 100644 (file)
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -206,7 +206,9 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
         <li>The planned disclosure date</li>
      </ul></p>
  
-    <p>Organisations who meet the criteria should contact security@xen if they wish to receive pre-disclosure of advisories.</p>    
+    <p>Organisations who meet the criteria should contact security@xen if they wish to receive pre-disclosure of advisories. Organisations should not request subscription via the mailing list web interface, any such subscription requests will be rejected and ignored.</p>
+    <p>Normally we would prefer that a role address be used for each organisation, rather than one or more individual's direct email address. This helps to ensure that changes of personnel do not end up effectively dropping an organisation from the list</p>
+
      <p>The pre-disclosure list will also receive copies of public advisories when they are first issued or updated.</p>
      
      <h3>Organizations on the pre-disclosure list:</h3>
author	Ian Campbell <ian.campbell@citrix.com>
	Thu, 16 Aug 2012 14:11:18 +0000 (15:11 +0100)
committer	Ian Campbell <ian.campbell@citrix.com>
	Thu, 23 Aug 2012 11:29:02 +0000 (12:29 +0100)