https://bugzilla.redhat.com/show_bug.cgi?id=2079784 --- Comment #14 from Peter Robinson <pbrobinson@xxxxxxxxx> --- (In reply to Zbigniew Jędrzejewski-Szmek from comment #13) > > This is why it should be a separate project/source upstream to systemd > > Let's try to keep the scope of this ticket to the review. > The separate code thingy has been discussed (and refuted) on the mailing > list, > see e.g. > https://lists.freedesktop.org/archives/systemd-devel/2022-April/047828.html . There's nothing in that post that refuted or even addresses any of my points above. If three's a CVE that's against systemd it covers all of systemd and hence the CVE still applies to sd-boot even if the code is unaffected. None of that was addressed in that post. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2079784 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
