Diffstat (limited to 'SECURITY.md')
-rw-r--r-- SECURITY.md 9
1 files changed, 8 insertions, 1 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 34303f1267..372fcacc4e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -15,11 +15,18 @@ issues are handled with the normal release process.
# Committing a fix
-The fix when is made available, preferrably within 3 months of the report,
+The fix when is made available, preferrably within 1 month of the report,
is pushed to the repository using a detailed message on all supported
branches which are affected. The commit message must refer to the bug
report addressed (e.g., our issue tracker or some external issue tracker).
+For issues reported by third parties which request an embargo time, the
+general aim to have embargo dates which are two weeks or less in duration.
+In exceptional circumstances longer initial embargoes may be negotiated by
+mutual agreement between members of the security team and other relevant
+parties to the problem. Any such extended embargoes will aim to be at most
+one month in duration.
+
# Releasing
Currently our releases are time-based, thus there are no special releases
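Review bot: The added embargo paragraph has a sentence with no verb: "the general aim to have embargo dates which are two weeks or less in duration" should read "the general aim is to have embargo dates ...". Since the first changed line is being edited anyway, "The fix when is made available, preferrably" could be corrected to "The fix, when made available, preferably" in the same commit. The paragraph also does not say what an embargo is measured from (the date of the report or the date a fix exists), which matters now that the fix target is "within 1 month of the report" and an extended embargo also aims to be "at most one month in duration"; stating the starting point would make the two time limits unambiguous when read together.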