SECURITY.md: contributors must agree to confidentiality

There is no point in having the special process if a
contributor refuses or doesn't agree with the
confidentiality terms.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

diff --git a/SECURITY.md b/SECURITY.md
index e1db4cb..e66a43f 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -108,8 +108,7 @@ Steps 3a and 3b may proceed in parallel.
 
 The security team develops and obtains (private) reviews for patches
 that fix the vulnerability.  If necessary, the security team pulls in
-additional developers, who should be asked to maintain
-confidentiality.
+additional developers, who must agree to maintain confidentiality.
 
 
 Step 4: Embargoed Disclosure