New version has been published including requirements from an organisation willing to be a GNA without publishing the vulnerability outside their circles. A new publishing model has been added to cover that use-case.
It also includes feedback from @iglocska