jenkins-infra · Kevin-CB · Aug 14, 2023 · Apr 26, 2024 · Kevin-CB · Aug 14, 2023
@@ -104,7 +104,7 @@ The following is a rough approximation of the typical recommended lifecycle of a
 .. The security team provides a private repository for that work in the `jenkinsci-cert` GitHub organization.
 .. Work usually happens on a branch, and a corresponding pull request will be used for review.
 . A *date and time of the release is coordinated* between the security team and maintainers.
-  The security team handles CVE ID assignment, advance notification of users, and creation of the security advisory.
+  The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.
-  The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.
+  The security team handles CVE ID assignment (assignment may require coordination with another CNA in case of a scope conflict), advance notification of users, and creation of the security advisory.
-  The security team handles CVE ID assignment (in cases where there is no CNA scope conflict), advance notification of users, and creation of the security advisory.
+  The security team handles CVE ID assignment (assignment may require coordination with another CNA in case of a scope conflict), advance notification of users, and creation of the security advisory.
 . The *security fix is merged*.
   For details, see link:#merging[Merge the Fix] below.
 . A version of the plugin containing the fix is *uploaded to a staging repository* (see link:#upload[Stage with Maven] below).