get.porter.sh/porter@v1.3.0/embargo-policy.md (about)

     1  # Embargo Policy
     2  
     3  This policy forbids members of this project's [security contacts](./SECURITY_CONTACTS.md) and others
     4  defined below from sharing information outside of the security contacts and this
     5  listing without need-to-know and advance notice.
     6  
     7  The information members and others receive from the list defined below must:
     8  
     9  * not be made public,
    10  * not be shared,
    11  * not be hinted at
    12  * must be kept confidential and close held
    13  
    14  Except with the list's explicit approval. This holds true until the public
    15  disclosure date/time that was agreed upon by the list.
    16  
    17  If information is inadvertently shared beyond what is allowed by this policy,
    18  you are REQUIRED to inform the [security contacts](./SECURITY_CONTACTS.md) of exactly what
    19  information leaked and to whom. A retrospective will take place after the leak
    20  so we can assess how to not make this mistake in the future.
    21  
    22  Violation of this policy will result in the immediate removal and subsequent
    23  replacement of you from this list or the Security Contacts.
    24  
    25  ## Disclosure Timeline
    26  
    27  This project sustains a **10 disclosure timeline** to ensure we provide a
    28  quality, tested release. On some occasions, we may need to extend this timeline
    29  due to complexity of the problem, lack of expertise available, or other reasons.
    30  Submitters will be notified if an extension occurs.