From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 16 Jan 2015 19:51:15 +0000 (+0000)
Subject: Clarify and fix prior consultation text
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=9e8f025d90498a5c02ca8035394fc4f71092746b;p=people%2Flarsk%2Fsecurity-process.git

Clarify and fix prior consultation text

The prior consultation clause should applies to all disclosure
exceptions.  The list end appears to have been moved by mistake.  So
put it back.

Also, no longer suggest that predisclosure list members should consult
with the discoverer, since the discoverer is not generally known to
predisclosure list members.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---

diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index 2d32e51..7412652 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -200,9 +200,10 @@ partners:</p>
   <li>the impact, scope, set of vulnerable systems or the nature of
   the vulnerability</li>
   <li>revision control commits which are a fix for the problem</li>
-  <li>patched software (even in binary form) without prior
-  consultation with security@xenproject and/or the discoverer.</li>
+  <li>patched software (even in binary form)</li>
 </ul>
+without prior
+consultation with security@xenproject.
 <p>List members are allowed to make available to their users only the
 following:</p>
 <ul>