From: Petr Špaček <pspacek@isc.org>
Date: Fri, 1 Mar 2024 16:20:25 +0000 (+0100)
Subject: Add questions about multiple implementations into CVE report template
X-Git-Tag: v9.19.22~14^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30d57b93a770e79683c806a8589e5f385e87a062;p=thirdparty%2Fbind9.git

Add questions about multiple implementations into CVE report template
---

diff --git a/.gitlab/issue_templates/Security_issue.md b/.gitlab/issue_templates/Security_issue.md
index 56f9528070a..1ec1ea4d7cb 100644
--- a/.gitlab/issue_templates/Security_issue.md
+++ b/.gitlab/issue_templates/Security_issue.md
@@ -105,10 +105,20 @@ data. You can use https://gitlab.isc.org/isc-projects/resource-monitor/ to
 gather system-wide statistics.
 -->
 
-<!-- DO NOT modify the following two lines. -->
+### Coordination
+- Does this issue affect multiple implementations?
+<!-- Issues affecting multiple implementations require very careful coordination. We have to make the information does not leak to public until vendors are ready to release fixed versions. If that's the case we need to know about this situation as soon as possible to start (confidential!) coordination process within DNS-OARC and other suitable fora. -->
+
+- Have you shared the information with anyone else?
+<!-- Have you informed other affected vendors? Or maybe submitted a paper for review? -->
+
+- What is your plan to publicize this issue?
+<!-- E.g. we plan to go public during conference XYZ on 20XX-XX-XX -->
 
 ### Acknowledgements
 <!-- Please specify whether and how you would like to be publicly credited with discovering the issue. We normally use the format "First_name Last_name, Company or Team".  -->
 
+<!-- DO NOT modify the following two lines. -->
+
 /label ~Bug ~Security
 /confidential