From 0fe0fcad1f0ee3eb89b725d456dee8822c002013 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Tue, 15 Aug 2023 13:33:20 -0700 Subject: [PATCH] Fix wording around "including your employer" --- src/doc/contrib/src/process/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/doc/contrib/src/process/security.md b/src/doc/contrib/src/process/security.md index aebb7baafc5..84e587d7aaa 100644 --- a/src/doc/contrib/src/process/security.md +++ b/src/doc/contrib/src/process/security.md @@ -12,7 +12,7 @@ The general order of events happens as follows: 1. The WG will start a private Zulip stream to coordinate discussion and plans for a fix. 1. The WG will pull in one or more team members into the Zulip stream ("responders"). - Security vulnerabilities are **embargoed** until they are released publicly. - People who are brought into these discussions should **not** discuss the issue with *anyone* outside of the group, or with your employer, without first consulting The WG. + People who are brought into these discussions should **not** discuss the issue with *anyone* outside of the group, including your employer, without first consulting The WG. 1. A discussion then starts to evaluate the severity of the issue and what possible solutions should be considered. This includes figuring out who will volunteer to actually develop the patches to resolve the issue, and who will review it. 1. The WG will create a temporary private fork of the `rust-lang/cargo` repo using GitHub's [repository security advisory][github-advisory] system.
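Review bot: the added line in the embargo bullet still switches person mid-sentence, opening with "People who are brought into these discussions" and then saying "your employer". Consider "their employer", or address the reader as "you" throughout, so it is unambiguous that the restriction binds the responders being described. The same line also capitalizes "The WG" mid-sentence, whereas the surrounding list items only capitalize it at the start of a sentence; "the WG" would be consistent.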