On Thursday, 2 January 2020 6:20:23 PM AEDT Salvatore Bonaccorso wrote:
> The good thing on having a CVE id for the vulnerabilities is helping
> other vendors to track the issues properly 'cross-vendor' in a unique
> way. If every upstream would use individual identifiers to track their
> vulnerabilities, this makes the work of downstream security teams much
> harder. Nowadays MITRE has improved a lot on their processes on
> assigning CVEs, and well-filled reports at https://cveform.mitre.org/
> get quickly assigned a CVE respectively (this somehow depends though on
> how well the report is done). I know some upstreams did in the past have
> frustrating experiences, and do not want to try that out again.

Thank you so much, that is exactly what I've been looking for.
I'll pass that to upstream.

It would be great to add your explanation to "Debian Upstream Guide" for easy 
reference:

  https://wiki.debian.org/UpstreamGuide


> Does this help or are you targeting the question to something else
> which I just missed now?

This helps, thanks. All good.


> Many thanks for your work!

Thank you. Many thanks to you too for your much appreciated efforts.

-- 
Cheers,
 Dmitry Smirnov.

---

Platitude: an idea (a) that is admitted to be true by everyone, and (b)
that is not true.
        -- H. L. Mencken
