On Thu, Jun 18, 2026 at 3:21 PM Daniel P. Berrangé <[email protected]> wrote: > > It is no longer viable to handle the incredible volumes of > AI assisted security disclosures via email, nor are extended > embargos practical or useful. > > Remove all information about the current security process and > instruct reporters to use 'confidential' issues. In contrast > to the old highly restrictive "need to know" approach, the > new approach makes all security issues visible to all QEMU > maintainers immediately. > > The focus is on making issues public as soon as possible with > a viable patch. Co-ordinated disclosure will no longer be > attempted and nor will requests to embargoes be accepted. > > Signed-off-by: Daniel P. Berrangé <[email protected]>
Reviewed-by: Mauro Matteo Cascella <[email protected]> -- Mauro Matteo Cascella Red Hat Product Security PGP-Key ID: BB3410B0
