Jason L Tibbitts III wrote: > Alternatively, say that you don't have to specify a version, but if > you don't then you will get every related security bug filed against > your package instead of having those filtered by version. Perhaps with a notice included in each such bug report, along the lines of "Because the version of the bundled library is unspecified, we must assume that it is a vulnerable version.", to make people aware that they can avoid irrelevant bug reports by adding a version number if one exists. Björn Persson
Attachment:
pgp1ygq_n9GDr.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
