From: Ian Campbell
Date: Thu, 16 Aug 2012 15:05:01 +0000 (+0100)
Subject: Patch review, expert advice and targeted fixes
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=cfa7741aea725742b7343f1b5ca63e7ee55d4f6d;p=people%2Flarsk%2Fsecurity-process.git

Patch review, expert advice and targeted fixes

See <20448.49637.38489.246434@mariner.uk.xensource.com>, section "Patch development and review"
---
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html index b8ce69d..d307c53 100644 --- a/security_vulnerability_process.html +++ b/security_vulnerability_process.html @@ -109,8 +109,13 @@ if(ns4)_d.write("<\/scr process.

(This may rely on the other project(s) having documented and responsive security contact points)

-
  • We will prepare or check patch(es) which fix the vulnerability. - This would ideally include all relevant backports.

  • +
  • We will prepare or check patch(es) which fix the + vulnerability. This would ideally include all relevant + backports. Patches will be tightly targeted on fixing the + specific security vulnerability in the smallest, simplest and + most reliable way. Where necessary domain specific experts + within the community will be brought in to help with patch + preparation.

  • We will determine which systems/configurations/versions are vulnerable, and what the impact of the vulnerability is. Depending on the nature of the vulnerability this may involve
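
Review bot: The added sentence "Where necessary domain specific experts within the community will be brought in to help with patch preparation" does not say who decides to involve an expert, or that the expert is held to the same confidentiality as the people already handling the report. Since this step widens the set of people who see the vulnerability before a fix exists, state both in this bullet or refer to the part of the document that covers them. The preceding sentence, "tightly targeted on fixing the specific security vulnerability in the smallest, simplest and most reliable way", would also be easier to apply if it said where related cleanup or hardening found during patch preparation should go instead. Minor wording: "domain specific" wants a hyphen and "Where necessary" a comma after it.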