Table of Contents generated with DocToc

Confidentiality — drafting elaboration

Agentic Drafting-time elaboration of the tracker-confidentiality rules. The load-bearing rules — the three-layer model (identifiers public, contents private, security-framing embargoed), the “what public surfaces must not contain” checklist, the content scrub, and “other ASF projects” — live inline in AGENTS.md. This file holds the two how-to elaborations that an agent loads when it is actually composing reporter-facing or public text.

Sharing a tracker URL with someone who cannot access it

When the recipient is an external reporter, a public-PR reviewer who is not on the security team, or any other audience without read access to <tracker>, pair the URL with a one-line note that the link is an identifier only:

Tracking this internally as https://github.com/<tracker>/issues/NNN (private — you will not be able to view the page; included as a stable identifier so we both reference the same issue across messages).

Wording is not load-bearing; the load-bearing element is that the recipient knows the link will 404 for them and that this is expected. The note can be omitted on surfaces where every viewer is a security-team member (the tracker itself, <security-list> threads restricted to the team, internal docs, rollup entries).

Where the tracker URLs are routinely OK to use

  • Reporter emailsmay include the tracker URL in any status update, paired with the explanatory note above. This makes cross-message threading much cleaner for the reporter and gives them a stable identifier to file the report under.
  • Public <upstream> PR descriptions and commit messagesmay include the tracker URL as a cross-reference, so long as the surrounding text does not characterise the PR as a security fix (no CVE ID, no “vulnerability”, no “security advisory” framing). The URL alone is opaque to non-team viewers.
  • Public CVE records and archived advisories — the tracker URL may appear in references[] once the advisory ships. For records still in DRAFT / REVIEW state it stays internal-only.
  • gh issue comment calls inside the tracker repository — fine, they land on private issues.
  • <security-list> private mail threads — fine.
  • <private-list> PMC escalation mails — fine.
Suggest a change