From 6ccf27fceffd8d449286670249fa3736e458e1ea Mon Sep 17 00:00:00 2001
From: Zac Dover <zac.dover@gmail.com>
Date: Thu, 20 May 2021 00:37:52 +1000
Subject: [PATCH] doc/security: updating fifth listitem

This PR enriches the text in the fifth listitem
of the Vulnerability Management Process.

Signed-off-by: Zac Dover <zac.dover@gmail.com>
---
 doc/security/process.rst | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/doc/security/process.rst b/doc/security/process.rst
index f2a0c731ab20..a202038907a1 100644
--- a/doc/security/process.rst
+++ b/doc/security/process.rst
@@ -10,9 +10,10 @@ Vulnerability Management Process
 #. If the team confirms the report, a unique CVE identifier will be
    assigned and shared with the reporter. The team will take action to
    fix the issue.
-#. If a reporter has no disclosure date in mind, a Ceph security team
-   member will coordinate a release date (CRD) with the list members
-   and share the mutually agreed disclosure date with the reporter.
+#. In cases in which a reporter has not chosen a date to disclose the
+   vulnerability, a Ceph security team member will work with the list members
+   to coordinate a release date (CRD). The agreed upon release date
+   will be shared with the reporter.
 #. The vulnerability disclosure / release date is set excluding Friday and
    holiday periods.
 #. Embargoes are preferred for Critical and High impact
-- 
2.47.3