[Xen-devel] [PATCH 4/6] Discuss post-embargo disclosure of potentially controversial private decisions

[Ian Campbell <ian.campbell@xxxxxxxxxx>]

See <20448.49637.38489.246434@xxxxxxxxxxxxxxxxxxxxxxxx>, section
    "11. Transparency"
---
 security_vulnerability_process.html |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/security_vulnerability_process.html 
b/security_vulnerability_process.html
index ddd88a1..687e452 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -147,6 +147,18 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript 
src=/globals/mmenuns4.js><\/scr
        public advisory.  This will also be sent to the pre-disclosure
        list.</p>
     </li>
+
+    <li><p><b>Post embargo transparency:</b></p>
+    <p>During an embargo period the Xen.org security response team may
+    be required to make potentially controverial decisions in private,
+    since they cannot confer with the community without breaking the
+    embargo. The security team will attempt to make such decisions
+    following the guidance of this document and where necessary their
+    own best judgement. Following the embargo period any such
+    decisions will be disclosed to the community in the interests of
+    transperency and to help provide guidance should a similar
+    decision be required in the future.</p>
+    </li>
     </ol>
     
     <h2>Embargo and disclosure schedule</h2>    
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel