Subject: Re: What to do about unfixed vulnerabilities?
To: None <agc@pkgsrc.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-pkg
Date: 10/23/2000 14:34:37

> I agree, however, that the version numbering may be obscure - we should
> perhaps change the vulnerability list to reflect the first version which is
> safe, rather than the last vulnerable version, to make it obvious what's
> going on.

> i.e. pine<4.21nb1, rather than pine<=4.21

agreed, at least when a fixed package exists in pkgsrc; the message
can then say "Versions of the pine package older than 4.21nb1 have a ..."

					- Bill
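
An added illustration of the two pattern styles discussed in this message; it is not part of the original mail and not pkgsrc's own code. It assumes a simplified version model (dotted numbers plus an optional "nbN" revision), and the installed-package list, the function names and the wording for the "<=" case are constructed for the example.

```python
import re

# Assumption: versions are dotted numbers with an optional pkgsrc-style
# "nbN" package revision. This is a simplified model, not pkgsrc's full
# version-matching rules.
def parse_version(text):
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:nb(\d+))?", text)
    if not m:
        raise ValueError(f"unsupported version: {text!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    return base, int(m.group(2) or 0)  # no suffix sorts before nb1

def parse_pattern(pattern):
    # Only the two forms from the thread: name<version and name<=version.
    m = re.fullmatch(r"([^<>=]+)(<=|<)(.+)", pattern)
    if not m:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    return m.group(1), m.group(2), m.group(3)

def is_vulnerable(installed, pattern):
    name, op, limit = parse_pattern(pattern)
    pkg_name, _, pkg_version = installed.rpartition("-")
    if pkg_name != name:
        return False
    have, bound = parse_version(pkg_version), parse_version(limit)
    return have < bound if op == "<" else have <= bound

def advisory(pattern):
    name, op, limit = parse_pattern(pattern)
    if op == "<":
        # Wording taken from the message; the elided tail is left as is.
        return f"Versions of the {name} package older than {limit} have a ..."
    # Hypothetical wording for the last-vulnerable-version style.
    return f"Versions of the {name} package up to and including {limit} have a ..."

# Constructed sample of installed packages.
INSTALLED = ["pine-4.10", "pine-4.21", "pine-4.21nb1", "pine-4.30", "mutt-1.2"]

def flagged(pattern):
    return [pkg for pkg in INSTALLED if is_vulnerable(pkg, pattern)]

if __name__ == "__main__":
    for pattern in ("pine<=4.21", "pine<4.21nb1"):
        print(pattern, "->", flagged(pattern))
        print("   ", advisory(pattern))
```

Under this model both patterns flag the same installed packages; only the first-safe-version form names the version a user should upgrade to.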