This policy forbids members of this project's security contacts and others defined below from sharing information outside of the security contacts and this listing without need-to-know and advance notice.
The information members and others receive from the list defined below must:
- not be made public,
- not be shared,
- not be hinted at
- must be kept confidential and close held
Except with the list's explicit approval. This holds true until the public disclosure date/time that was agreed upon by the list.
If information is inadvertently shared beyond what is allowed by this policy, you are REQUIRED to inform the security contacts of exactly what information leaked and to whom. A retrospective will take place after the leak so we can assess how to not make this mistake in the future.
Violation of this policy will result in the immediate removal and subsequent replacement of you from this list or the Security Contacts.
This project sustains a 10 disclosure timeline to ensure we provide a quality, tested release. On some occasions, we may need to extend this timeline due to complexity of the problem, lack of expertise available, or other reasons. Submitters will be notified if an extension occurs.