On Friday 07 October 2016 19:47:38 Markus Holtermann wrote:
> On Friday, October 7, 2016 at 4:58:00 PM UTC+2, Tim Graham wrote:
> > The Django team proposes [0] to add the following to the security policy:
> >
> > Approximately one week before public disclosure, ...
> > we notify django-announce [1] of the date and approximate time of the
> > upcoming security release. No information about the issues is given. [...]
>
> While we haven't decided of any particular format, you can expect the
> announcements to look a bit like
>https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
>
with nitpicking():
this example does give some information about the issues -- the number
of
issues and an assessment of their severitly level. I believe it is a
good
example to follow.
Shai.
