Subject: Re: What to do about unfixed vulnerabilities?
To: None <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 10/23/2000 14:34:37
> I agree, however, that the version numbering may be obscure - we should
> perhaps change the vulnerability list to reflect the first version which is
> safe, rather than the last vulnerable version, to make it obvious what's
> going on.
> i.e. pine<4.21nb1, rather than pine<=4.21
agreed, at least when a fixed package exists in pkgsrc; the message
can then say "Versions of the pine package older than 4.21nb1 have a ..."