Will.
Jason wrote:
On Wed, Jan 21, 2004 at 03:20:17PM -0500, Todd wrote:
Jesse Keating wrote:
We should write an advisory that this vul does not effect the releases we support. Thoughts on format?
Doesn't the KDE advisory make that clear enough? Seems like there is already more than enough work just to keep up with the known updates. If there are folks insisting that the vulnerability affects KDE < 3.1 then let them do some work to show that and then it might be worth looking at.
Putting out advisories that something *isn't* vulnerable seems useless at best and confusing at worst. To me anyway. It might be different if 8.0 had a vulnerable version and 7.x didn't. Then noting that the vuln didn't affect 7.x might be good to do in the advisory for the updated 8.0 packages. This case could happen with KDE packages after 9 goes EOL in April.
I concur