On 27/01/20 11:00, Thomas Huth wrote: > On 23/01/2020 20.43, Eric Blake wrote: >> On 1/23/20 11:11 AM, Thomas Huth wrote: >>> One reporter of a security issue recently complained that it might not >>> be the best idea to store our "Security Process" in the Wiki. Well, while >>> the page in the Wiki is protected (so that only some few people can edit >>> it), it is still possible that someone might find a bug in the Wiki >>> software to alter the page contents... >>> Anyway, it looks more trustworthy if we present the "Security Process" >>> information in the static website instead. Thus this patch adds the >>> information from the wiki to the Jekyll-based website now. >>> >>> Signed-off-by: Thomas Huth <th...@redhat.com> >>> --- >>> v2: Improved some sentences as suggested by Paolo >>> >> >>> +### Publication embargo >>> + >>> +As a security issue reported, that is not already publically disclosed >> >> publicly >> >>> +elsewhere, has an embargo date assigned and communicated to reporter. >>> Embargo >> >> Reads awkwardly. I'd suggest: >> >> If a security issue is reported that is not already publicly disclosed, >> an embargo date may be assigned and communicated to the reporter. > > Ok, thanks, I've added your suggestions and pushed the changes now to > the website. > > To the people on CC: ... could someone please update the wiki page > (https://wiki.qemu.org/SecurityProcess) to point to > https://www.qemu.org/contribute/security-process/ instead? ... I don't > have write access to that page, so I can not do that on my own.
Done, I will add a server-side redirect when I have some time. Paolo
