Push a minor handbook update.
Change-Id: I4c5ddc116afccceb3ea76d4c8e6b6e2ea7153718
Signed-off-by: Wayne Beaton <wayne.beaton@eclipse-foundation.org>
diff --git a/handbook/eclipse.html b/handbook/eclipse.html
index 8cbe3d7..1c75088 100644
--- a/handbook/eclipse.html
+++ b/handbook/eclipse.html
@@ -7,7 +7,7 @@
<li><a href="#preamble-principles">Principles</a></li>
</ul>
</li>
-<li><a href="#starting">Starting an Open Source Project at Eclipse Foundation</a>
+<li><a href="#starting">Starting an Open Source Project at the Eclipse Foundation</a>
<ul class="sectlevel2">
<li><a href="#starting-proposal">Project Proposal</a></li>
<li><a href="#starting-provisioning">Provisioning</a></li>
@@ -280,7 +280,7 @@
</div>
</div>
<div class="sect1">
-<h2 id="starting"><a class="anchor" href="#starting"></a><a class="link" href="#starting">Starting an Open Source Project at Eclipse Foundation</a></h2>
+<h2 id="starting"><a class="anchor" href="#starting"></a><a class="link" href="#starting">Starting an Open Source Project at the Eclipse Foundation</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Before getting started, it’s important to know what is required of an Eclipse project. The Eclipse Foundation will take ownership of many aspects of the project to ensure that the project and its assets are managed in an open and vendor-neutral manner. This takes the form, for example, of the Eclipse Foundation retaining ownership of the project’s trademarks on behalf of the community, and carefully managing who has write access on project resources such as source code repositories and distribution channels. Eclipse projects are obligated to use certain <a href="#project-resources-and-services">resources</a> assigned to the project by the Eclipse Foundation and conform to logo and trademark guidelines. New project sponsors must engage in the process of transitioning an existing project with the intent to continue development of the project code and growth of the community and ecosystem around the project.</p>
@@ -992,7 +992,10 @@
<div class="sect3">
<h4 id="resources-dockerhub"><a class="anchor" href="#resources-dockerhub"></a><a class="link" href="#resources-dockerhub">DockerHub</a></h4>
<div class="paragraph">
-<p>The Eclipse Foundation owns several organizations on DockerHub, including <a href="https://hub.docker.com/u/eclipse/">eclipse</a>, <a href="https://hub.docker.com/u/locationtech/">locationtech</a>, and <a href="https://hub.docker.com/u/polarsys/">polarsys</a>, but does not formally support or strictly manage the use of these organizations. Due to manner in which permissions are managed, membership in the <em>owners</em> team for these organizations is required to create new repositories. The project’s PMC or the <a href="mailto:emo@eclipse.org">EMO</a> can grant membership in this team to designated committers for projects that require this access. The EMO periodically reviews membership in the teams associated with these organizations and will remove members who are not active committers. Repositories created in these organizations must follow the pattern <code><organization>/<shortname>[-<component>]</code> (e.g. <code>eclipse/che-server</code>).</p>
+<p>The Eclipse Foundation owns several organizations on DockerHub, including <a href="https://hub.docker.com/u/eclipse/">eclipse</a>, <a href="https://hub.docker.com/u/locationtech/">locationtech</a>, and <a href="https://hub.docker.com/u/polarsys/">polarsys</a>, but does not formally support or strictly manage the use of these organizations.</p>
+</div>
+<div class="paragraph">
+<p>For more information, please see <a href="https://wiki.eclipse.org/CBI#Docker_Hub">CBI/DockerHub</a> in the Eclipse wiki.</p>
</div>
<div class="admonitionblock note">
<table>
@@ -1168,7 +1171,7 @@
<p>Whether or not a vulnerability requires a CVE is decided by the project team with assistance from their PMC (if required).</p>
</div>
<div class="paragraph">
-<p>To request a CVE Number assignment, the vulnerability must be captured in a Eclipse Bugzilla record. The project team can track work on a vulnerability elsewhere, but the vulnerability reporting is tracked via Bugzilla.</p>
+<p>To request a CVE Number assignment, the vulnerability must be captured in an Eclipse Bugzilla record. If a record for the vulnerability report does not already exist, a <em>project committer</em> must <a href="https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Vulnerability+Reports&keywords=security&groups=Security_Advisories">create one</a>. The project team can track work on a vulnerability elsewhere, but the vulnerability reporting is tracked via Bugzilla.</p>
</div>
<div class="admonitionblock tip">
<table>
