Hi Randall, Randall S. Becker wrote: > I wonder whether there is some mechanism for providing official responses > from platform ports relating to security CVE reports, like CVE-2017-14867. This question is too abstract for me. Can you say more concretely what you are trying to do? E.g. are you asking how you would communicate to users of your port that CVE-2017-14867 does not apply to them? Or are you asking where to start a conversation about who a bug applies to? Or something else? Thanks, Jonathan > For example, the Perl implementation on HPE NonStop does not include the SCM > module so commands relating cvsserver may not be available - one thing to be > verified so is a question #1. But the real question (#2) is: where would one > most appropriately document issues like this to be consistent with other > platform responses relating to git? > > Thanks, > Randall > > -- Brief whoami: NonStop&UNIX developer since approximately > UNIX(421664400)/NonStop(211288444200000000) > -- In my real life, I talk too much.
