From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 16 Jan 2015 19:50:56 +0000 (+0000)
Subject: Use a public mailing list for predisclosure membership applications.
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=27cacfedd0171ec0d1c163eeb24000466204e62a;p=people%2Flarsk%2Fsecurity-process.git

Use a public mailing list for predisclosure membership applications.

IMPLEMENTATION TASKS:
 * Create the mailing list (and check that it works from outside)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

---
v2: Provide whole email address for predisclosure-applications@,
    but obfuscate it with <dot> and a <span>.
    Reword sentence about public mailing list as suggested by
    Ian Campbell.
---

diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index de5e83e..8870f8d 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -228,8 +228,10 @@ permitted to also make available the allocated CVE number. This is no
 longer permitted in accordance with MITRE policy.</p>
 <h3>Predisclosure list membership application process</h3>
 <p>Organisations who meet the criteria should contact
-security@xenproject if they wish to receive pre-disclosure of
-advisories. Please include in the e-mail:</p>
+predisclosure-applications@xenproject&lt;d<span>ot</span>&gt;org
+(which is a public mailing list) if they wish to receive
+pre-disclosure of advisories.
+<p>Please include in the e-mail:</p>
 <ul>
   <li>The name of your organization</li>
   <li>A brief description of why you fit the criteria, along with