Ports EOL vuxml entry
Dag-Erling Smørgrav
des at des.no
Tue Aug 30 10:22:48 UTC 2016
Kubilay Kocak <koobs at FreeBSD.org> writes:
> This (good) argument sounds primarily about classification and/or the
> ability or lack thereof to distinguish between types-of-things, which
> are not identical:
>
> * Explicit vulnerability ("Active", Official record (CVE, etc), will or
> likely/expected to be fixed)
> * Implicit (probable) vulnerability (by way of EoL, no fixes/support,
> may have CVE (forever), port/pkg deleted, etc)
In theory, these are not identical. In practice, there is no way to
tell the difference given the sources and resources we have.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list