FYI The OMC voted last week to update the security policy extending prenotifications[1] and we've just released a blog explaining this change[2] [1] https://github.com/openssl/web/pull/176/files [2] https://www.openssl.org/blog/blog/2020/05/12/security-prenotifications/ Regards, Mark