From 63fcec30fbcffcad9a7ab860bf699636ec938e5a Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 9 Mar 2019 21:50:46 +0100 Subject: SECURITY.md: updated to reflect the current practice [ci skip] This change updates the SECURITY guidelines to reflect the current practice (no special security releases), and thus refer directly to the upcoming or following release. Furthermore, it removes any mention of absolute time, as the release cadence is already fixed to bi-monthly. Signed-off-by: Nikos Mavrogiannopoulos --- SECURITY.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 372fcacc4e..b8d055c282 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -21,11 +21,11 @@ branches which are affected. The commit message must refer to the bug report addressed (e.g., our issue tracker or some external issue tracker). For issues reported by third parties which request an embargo time, the -general aim to have embargo dates which are two weeks or less in duration. -In exceptional circumstances longer initial embargoes may be negotiated by -mutual agreement between members of the security team and other relevant -parties to the problem. Any such extended embargoes will aim to be at most -one month in duration. +general aim to have embargo dates which do not exceed the upcoming stable +release date, or the following one, if the report was received late for +a fix to be included. In exceptional circumstances longer initial embargoes +may be negotiated by mutual agreement between members of the security team +and other relevant parties to the problem. # Releasing -- cgit v1.2.1