1 files changed, 11 insertions, 10 deletions
diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst
index 164bf71149fd..30187d49dc2c 100644
--- a/Documentation/admin-guide/security-bugs.rst
+++ b/Documentation/admin-guide/security-bugs.rst
@@ -32,16 +32,17 @@ Disclosure and embargoed information
 The security list is not a disclosure channel.  For that, see Coordination
 below.
-Once a robust fix has been developed, our preference is to release the
+Once a robust fix has been developed, the release process starts.  Fixes
-fix in a timely fashion, treating it no differently than any of the other
+for publicly known bugs are released immediately.
-thousands of changes and fixes the Linux kernel project releases every
-month.
+Although our preference is to release fixes for publicly undisclosed bugs
+as soon as they become available, this may be postponed at the request of
-However, at the request of the reporter, we will postpone releasing the
+the reporter or an affected party for up to 7 calendar days from the start
-fix for up to 5 business days after the date of the report or after the
+of the release process, with an exceptional extension to 14 calendar days
-embargo has lifted; whichever comes first.  The only exception to that
+if it is agreed that the criticality of the bug requires more time.  The
-rule is if the bug is publicly known, in which case the preference is to
+only valid reason for deferring the publication of a fix is to accommodate
-release the fix as soon as it's available.
+the logistics of QA and large scale rollouts which require release
+coordination.
 Whilst embargoed information may be shared with trusted individuals in
 order to develop a fix, such information will not be published alongside

diff --git a/Documentation/admin-guide/security-bugs.rst b/Documentation/admin-guide/security-bugs.rst index 164bf71149fd..30187d49dc2c 100644 --- a/Documentation/admin-guide/security-bugs.rst +++ b/Documentation/admin-guide/security-bugs.rst
@@ -32,16 +32,17 @@ Disclosure and embargoed information
32	The security list is not a disclosure channel. For that, see Coordination	32	The security list is not a disclosure channel. For that, see Coordination
33	below.	33	below.
34		34
35	Once a robust fix has been developed, our preference is to release the	35	Once a robust fix has been developed, the release process starts. Fixes
36	fix in a timely fashion, treating it no differently than any of the other	36	for publicly known bugs are released immediately.
37	thousands of changes and fixes the Linux kernel project releases every	37
38	month.	38	Although our preference is to release fixes for publicly undisclosed bugs
39		39	as soon as they become available, this may be postponed at the request of
40	However, at the request of the reporter, we will postpone releasing the	40	the reporter or an affected party for up to 7 calendar days from the start
41	fix for up to 5 business days after the date of the report or after the	41	of the release process, with an exceptional extension to 14 calendar days
42	embargo has lifted; whichever comes first. The only exception to that	42	if it is agreed that the criticality of the bug requires more time. The
43	rule is if the bug is publicly known, in which case the preference is to	43	only valid reason for deferring the publication of a fix is to accommodate
44	release the fix as soon as it's available.	44	the logistics of QA and large scale rollouts which require release
		45	coordination.
45		46
46	Whilst embargoed information may be shared with trusted individuals in	47	Whilst embargoed information may be shared with trusted individuals in
47	order to develop a fix, such information will not be published alongside	48	order to develop a fix, such information will not be published alongside