Update Internal_use_only-CVE.md checklist changing some tasks and responsibilities reflecting the new ASN process with RT vs SF

.gitlab/issue_templates/Internal_use_only-CVE.md

@@ -34,8 +34,8 @@ confidential!
   - [ ] [:link:][step_versions_affected] **(SwEng)** Determine the range of product versions affected (including the Subscription Edition)
   - [ ] [:link:][step_workarounds]       **(SwEng)** Determine whether workarounds for the problem exist
   - [ ] [:link:][step_coordinate]        **(SwEng)** If necessary, coordinate with other parties
-  - [ ] [:link:][step_earliest_prepare]  **(Support)** Prepare "earliest" notification text and hand it off to Marketing
-  - [ ] [:link:][step_earliest_send]     **(Marketing)** Update "earliest" notification document in SF portal and send bulk email to earliest customers
+  - [ ] [:link:][step_earliest_prepare]  **(Support)** Prepare "earliest" notification text
+  - [ ] [:link:][step_earliest_send]     **(Support)** Update "earliest" notification ticket in support portal and notify earliest customers
   - [ ] [:link:][step_advisory_mr]       **(Support)** Create a merge request for the Security Advisory and include all readily available information in it
   - [ ] [:link:][step_reproducer_mr]     **(SwEng)** Prepare a private merge request containing a system test reproducing the problem
   - [ ] [:link:][step_notify_support]    **(SwEng)** Notify Support when a reproducer is ready
@@ -52,11 +52,13 @@ confidential!
 
 ### At T-5
 
-  - [ ] [:link:][step_asn_documents]     **(Marketing)** Update the text on the T-5 (from the Printing Press project) and "earliest" ASN documents in the SF portal
-  - [ ] [:link:][step_asn_links]         **(Marketing)** (BIND 9 only) Update the BIND -S information document in SF with download links to the new versions
-  - [ ] [:link:][step_asn_send]          **(Marketing)** Bulk email eligible customers to check the SF portal
+  - [ ] [:link:][step_asn_links]         **(Marketing)** (BIND 9 only) Update the BIND -S information document in the support portal with download links to the new versions
+  - [ ] [:link:][step_asn_send]          **(Support)** Notify eligible customers with the text of the advisory (earliest, and T-5)
   - [ ] [:link:][step_preannouncement]   **(Marketing)** (BIND 9 only) Send a pre-announcement email to the *bind-announce* mailing list to alert users that the upcoming release will include security fixes
 
+### At T-3
+  - [ ] [:link:][step_asn_send]          **(Support)** Notify eligible customers with the text of the advisory (T-3)
+
 ### At T-1
 
   - [ ] [:link:][step_packager_emails]   **(First IM)** Send notifications to OS packagers
@@ -71,8 +73,8 @@ confidential!
   - [ ] [:link:][step_mitre]             **(First IM)** Advise MITRE about the disclosed CVEs
   - [ ] [:link:][step_merge_advisory]    **(First IM)** Merge the Security Advisory merge request
   - [ ] [:link:][step_embargo_end]       **(IM)** Inform original reporter (if external) that the security disclosure process is complete
-  - [ ] [:link:][step_asn_clear]         **(Marketing)** Update the SF portal to clear the ASN
-  - [ ] [:link:][step_customers]         **(Marketing)** Email ASN recipients that the embargo is lifted
+  - [ ] [:link:][step_asn_clear]         **(Support)** Update the support portal to clear the ASN
+  - [ ] [:link:][step_customers]         **(Marketing)** Email support customers that the release is published
 
 ### After Public Disclosure