From: Zac Dover Date: Wed, 19 May 2021 14:29:40 +0000 (+1000) Subject: doc/security: updating fourth item X-Git-Tag: v17.1.0~1889^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=1de9238f04402786707f26deec7753a0b47e6281;p=ceph.git doc/security: updating fourth item This PR makes minor changes (nitpicking, really) to make the sentence a little easier to read. Signed-off-by: Zac Dover --- diff --git a/doc/security/process.rst b/doc/security/process.rst index 83e8679530cdd..9bde7054abb8d 100644 --- a/doc/security/process.rst +++ b/doc/security/process.rst @@ -7,13 +7,12 @@ Vulnerability Management Process surrounding the reported issue. #. If the team does not confirm the report, no further action will be taken and the issue will be closed. -#. If the team confirms the report, a unique CVE identifier will be - assigned and shared with the reporter. The team will take action to - fix the issue. -#. In cases in which a reporter has not chosen a date to disclose the - vulnerability, a Ceph security team member will work with the list members - to coordinate a release date (CRD). The agreed upon release date - will be shared with the reporter. +#. If the report is confirmed by Ceph team members, a unique CVE identifier + will be assigned to the report and then shared with the reporter. The Ceph + security team will start working on a fix. +#. If a reporter has no disclosure date in mind, a Ceph security team + member will coordinate a release date (CRD) with the list members + and share the mutually agreed disclosure date with the reporter. #. The vulnerability disclosure / release date is set excluding Friday and holiday periods. #. Embargoes are preferred for "Critical" and "High impact" issues. Embargoes
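Review bot: In the rewritten item beginning "If a reporter has no disclosure date in mind", the same date is called "a release date (CRD)" and then "the mutually agreed disclosure date", while the unchanged item that follows says "vulnerability disclosure / release date". The removed text used "release date" both times, so the new wording makes it less clear that one date is meant. Suggest keeping one term, for example "and share the agreed release date with the reporter". The preceding rewritten item has a similar wobble: the report is confirmed by "Ceph team members" but the fix is started by "The Ceph security team"; if these are the same group, name it the same way in both sentences. That item also says the CVE identifier is "assigned to the report"; if it is meant to identify the vulnerability itself, the removed wording ("will be assigned and shared with the reporter") avoided the question. Finally, the subject line says "updating fourth item" but the hunk rewrites two list items, so the subject should cover both.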