From: Ferruh Yigit Date: Mon, 17 Jun 2019 16:06:47 +0000 (+0100) Subject: doc: clarify security pre-release end of embargo date X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=4f0416968bb7d559facfc7b743788c00ee8c7981;p=dpdk.git doc: clarify security pre-release end of embargo date Clarify that a fixed date will be used for end of embargo (public disclosure) date while communicating with downstream stakeholders. Initial document got a review that it gives an impression that communicated embargo date can be a range like 'less than a week' which is not the case. The range applies when defining the end of the embargo date but a fix date will be communicated. Signed-off-by: Ferruh Yigit Acked-by: John McNamara --- diff --git a/doc/guides/contributing/vulnerability.rst b/doc/guides/contributing/vulnerability.rst index da00acd4f0..746231402c 100644 --- a/doc/guides/contributing/vulnerability.rst +++ b/doc/guides/contributing/vulnerability.rst @@ -182,7 +182,7 @@ When the fix is ready, the security advisory and patches are sent to downstream stakeholders (`security-prerelease@dpdk.org `_), specifying the date and time of the end of the embargo. -The public disclosure should happen in **less than one week**. +The communicated public disclosure date should be **less than one week** Downstream stakeholders are expected not to deploy or disclose patches until the embargo is passed, otherwise they will be removed from the list.