On Wed, Jan 21, 2004 at 03:20:17PM -0500, Todd wrote: > Jesse Keating wrote: > > We should write an advisory that this vul does not effect the > > releases we support. Thoughts on format? > > Doesn't the KDE advisory make that clear enough? Seems like there is > already more than enough work just to keep up with the known updates. > If there are folks insisting that the vulnerability affects KDE < 3.1 > then let them do some work to show that and then it might be worth > looking at. > > Putting out advisories that something *isn't* vulnerable seems useless > at best and confusing at worst. To me anyway. It might be different > if 8.0 had a vulnerable version and 7.x didn't. Then noting that the > vuln didn't affect 7.x might be good to do in the advisory for the > updated 8.0 packages. This case could happen with KDE packages after > 9 goes EOL in April. I concur
Attachment:
pgp00224.pgp
Description: PGP signature
