From: Zac Dover <zac.dover@gmail.com>
Date: Wed, 19 May 2021 14:37:52 +0000 (+1000)
Subject: doc/security: updating fifth listitem
X-Git-Tag: v17.1.0~1909^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6ccf27fceffd8d449286670249fa3736e458e1ea;p=ceph.git

doc/security: updating fifth listitem

This PR enriches the text in the fifth listitem
of the Vulnerability Management Process.

Signed-off-by: Zac Dover <zac.dover@gmail.com>
---

diff --git a/doc/security/process.rst b/doc/security/process.rst
index f2a0c731ab20..a202038907a1 100644
--- a/doc/security/process.rst
+++ b/doc/security/process.rst
@@ -10,9 +10,10 @@ Vulnerability Management Process
 #. If the team confirms the report, a unique CVE identifier will be
    assigned and shared with the reporter. The team will take action to
    fix the issue.
-#. If a reporter has no disclosure date in mind, a Ceph security team
-   member will coordinate a release date (CRD) with the list members
-   and share the mutually agreed disclosure date with the reporter.
+#. In cases in which a reporter has not chosen a date to disclose the
+   vulnerability, a Ceph security team member will work with the list members
+   to coordinate a release date (CRD). The agreed upon release date
+   will be shared with the reporter.
 #. The vulnerability disclosure / release date is set excluding Friday and
    holiday periods.
 #. Embargoes are preferred for Critical and High impact