Daniel P. Berrangé <[email protected]> writes: > It is no longer viable to handle the incredible volumes of > AI assisted security disclosures via email, nor are extended > embargos practical or useful. > > Remove all information about the current security process and > instruct reporters to use 'confidential' issues. In contrast > to the old highly restrictive "need to know" approach, the > new approach makes all security issues visible to all QEMU > maintainers immediately. > > The focus is on making issues public as soon as possible with > a viable patch. Co-ordinated disclosure will no longer be > attempted and nor will requests to embargoes be accepted. > > Signed-off-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Alex Bennée <[email protected]> -- Alex Bennée Virtualisation Tech Lead @ Linaro
