From 3b717eb113d013fdbea9486229f216488ff41b24 Mon Sep 17 00:00:00 2001
From: Christophe Bedard <bedard.christophe@gmail.com>
Date: Sat, 23 May 2020 08:40:05 -0400
Subject: [PATCH] Add ref to vulnerability disclosure policy in REP-2006 for
 tracetools

Backport of b2c72a92cb2318a1f56ba73217d033c38cc28a35 from !180

Signed-off-by: Christophe Bedard <bedard.christophe@gmail.com>
---
 tracetools/QUALITY_DECLARATION.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tracetools/QUALITY_DECLARATION.md b/tracetools/QUALITY_DECLARATION.md
index 547fe2e..3f1e633 100644
--- a/tracetools/QUALITY_DECLARATION.md
+++ b/tracetools/QUALITY_DECLARATION.md
@@ -154,7 +154,7 @@ Nightly results can be found here:
 
 ### Vulnerability Disclosure Policy [7.i]
 
-`tracetools` does not currently have a vulnerability disclosure policy.
+`tracetools` conforms to the Vulnerability Disclosure Policy in [REP-2006](https://www.ros.org/reps/rep-2006.html).
 
 # Current Status
 
@@ -198,7 +198,7 @@ The table below compares the requirements in REP-2004 with the current state of
 |6| **Platform Support** ||
 |6.i| Support targets tier 1 ROS platforms | ✓ |
 |7| **Security** ||
-|7.i| Vulnerability Disclosure Policy |  |
+|7.i| Vulnerability Disclosure Policy | ✓ |
 
 \* : going forward
 
@@ -206,4 +206,3 @@ Comparing this table to the [Quality Level Comparison Chart of REP-2004](https:/
 
 Missing for Quality Level 2:
 * 5.iii Justifies quality use of non-ROS dependencies
-* 7.i Vulnerability Disclosure Policy