-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jesse Keating wrote:
> We should write an advisory that this vul does not effect the
> releases we support. Thoughts on format?
Doesn't the KDE advisory make that clear enough? Seems like there is
already more than enough work just to keep up with the known updates.
If there are folks insisting that the vulnerability affects KDE < 3.1
then let them do some work to show that and then it might be worth
looking at.
Putting out advisories that something *isn't* vulnerable seems useless
at best and confusing at worst. To me anyway. It might be different
if 8.0 had a vulnerable version and 7.x didn't. Then noting that the
vuln didn't affect 7.x might be good to do in the advisory for the
updated 8.0 packages. This case could happen with KDE packages after
9 goes EOL in April.
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Hell hath no fury like a bureaucrat scorned.
-- Dr. Milton Friedman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQFADt8Auv+09NZUB1oRArf8AJ0Tjx5MICTWKuKMoabyGbiqAUn7XACg3aNd
MltmvDu8hIai6PuA9cd/F+c=
=e4mw
-----END PGP SIGNATURE-----
