Re: Red Hat updates apache, elm, cvs, kdepim

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It might actually be useful here to get some indication that, although the package (never mind the version) is installed, we are not vulnerable for whatever reason. This is probably preferable to wondering if, perhaps, nobody noticed this particular package for this distribution.


Will.

Jason wrote:

On Wed, Jan 21, 2004 at 03:20:17PM -0500, Todd wrote:

Jesse Keating wrote:

We should write an advisory that this vul does not effect the
releases we support.  Thoughts on format?


Doesn't the KDE advisory make that clear enough?  Seems like there is
already more than enough work just to keep up with the known updates.
If there are folks insisting that the vulnerability affects KDE < 3.1
then let them do some work to show that and then it might be worth
looking at.

Putting out advisories that something *isn't* vulnerable seems useless
at best and confusing at worst.  To me anyway.  It might be different
if 8.0 had a vulnerable version and 7.x didn't.  Then noting that the
vuln didn't affect 7.x might be good to do in the advisory for the
updated 8.0 packages.  This case could happen with KDE packages after
9 goes EOL in April.


I concur



[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux