From 029d4716e8cf5959f6e07a8dc9e2626df4f3ba59 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 22 Feb 2017 21:01:30 +0100 Subject: SECURITY.md: updated after comments from Daniel Berrange [ci skip] --- SECURITY.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 34303f1267..372fcacc4e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,11 +15,18 @@ issues are handled with the normal release process. # Committing a fix -The fix when is made available, preferrably within 3 months of the report, +The fix when is made available, preferrably within 1 month of the report, is pushed to the repository using a detailed message on all supported branches which are affected. The commit message must refer to the bug report addressed (e.g., our issue tracker or some external issue tracker). +For issues reported by third parties which request an embargo time, the +general aim to have embargo dates which are two weeks or less in duration. +In exceptional circumstances longer initial embargoes may be negotiated by +mutual agreement between members of the security team and other relevant +parties to the problem. Any such extended embargoes will aim to be at most +one month in duration. + # Releasing Currently our releases are time-based, thus there are no special releases -- cgit v1.2.1
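Review bot: In the added embargo paragraph under "Committing a fix", the sentence "the general aim to have embargo dates which are two weeks or less in duration" is missing its verb; suggest "the general aim is to have embargo dates of two weeks or less". The paragraph also leaves the ordering between the embargo and the push described just above it unstated: the changed line asks for the fix to be pushed "preferrably within 1 month of the report", while an extended embargo may itself run to one month, so it would help to say that the push to the repository happens once the embargo ends, and whether "at most one month" is counted from the report or from the end of the initial two weeks. Since the first line of the section is being changed anyway, "The fix when is made available, preferrably" could be corrected to "The fix, when made available, preferably".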