[gnutls-devel] handling security issues

[Nikos Mavrogiannopoulos]

Hi,
 I've tried to make the current ad-hoc handling of security issues
with something more formally defined at:
https://gitlab.com/gnutls/gnutls/blob/master/SECURITY.md

My goal is to establish some more objective criteria than my opinion
on when an issue will be handled as a security issue and an advisory
will be issued. In the text above I've used the CVSS scoring which
seems to be generic and objective enough. Any comments or suggestions
on the above text?

regards,
Nikos