[ https://ovirt-jira.atlassian.net/browse/OVIRT-2078?page=com.atlassian.jir... ] sbonazzo commented on OVIRT-2078: --------------------------------- User story: A researcher find a vulnerability in one of the oVirt packages. A CVE is opened and an embargo date is acknowledged between researcher, oVirt package maintainer and downstream vendors. Between report and embargo date, oVirt package maintainer must be able to push a patch to gerrit as a private patch, getting it reviewed by a restricted number of people and get it ready for being merged immediately on embargo lift, when the vulnerability will be disclosed to public, in order to issue an immediate release right after the merge. -- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100087)