SECURITY.md: updated after comments from Daniel Berrange [ci skip]

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-02-22 21:01:30 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-02-22 21:01:36 +0100
commit: 029d4716e8cf5959f6e07a8dc9e2626df4f3ba59 (patch)
tree: 20f69093639d7257774315076b46cb85965993ec
parent: 4ea99d10f844aa93e78a9dff81ca38616701ceeb (diff)
download: gnutls-029d4716e8cf5959f6e07a8dc9e2626df4f3ba59.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 34303f1267..372fcacc4e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -15,11 +15,18 @@ issues are handled with the normal release process.
 
 # Committing a fix
 
-The fix when is made available, preferrably within 3 months of the report,
+The fix when is made available, preferrably within 1 month of the report,
 is pushed to the repository using a detailed message on all supported
 branches which are affected. The commit message must refer to the bug
 report addressed (e.g., our issue tracker or some external issue tracker).
 
+For issues reported by third parties which request an embargo time, the
+general aim to have embargo dates which are two weeks or less in duration.
+In exceptional circumstances longer initial embargoes may be negotiated by
+mutual agreement between members of the security team and other relevant
+parties to the problem. Any such extended embargoes will aim to be at most
+one month in duration.
+
 # Releasing
 
 Currently our releases are time-based, thus there are no special releases
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-02-22 21:01:30 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-02-22 21:01:36 +0100
commit	029d4716e8cf5959f6e07a8dc9e2626df4f3ba59 (patch)
tree	20f69093639d7257774315076b46cb85965993ec
parent	4ea99d10f844aa93e78a9dff81ca38616701ceeb (diff)
download	gnutls-029d4716e8cf5959f6e07a8dc9e2626df4f3ba59.tar.gz