Create packager guideline/agreement for handling pre-release disclosures
When handling embargoes we should probably do something along the lines of what Gentoo is doing in terms of how it's handled. I think we can borrow a lot of the stuff gentoo has done on this document and then ship it out to people.
We could probably focus on core/extra first then move it to community and Trusted Users.
https://wiki.gentoo.org/wiki/Project:Security/Pre-Release-Disclosure
Migrated from: https://kanboard.archlinux.org/project/8/task/178