| 1 |
On 12/4/18 5:17 PM, Kristian Fiskerstrand wrote: |
| 2 |
> |
| 3 |
> Well, in terms of CVEs the documentation matters quite a bit, the |
| 4 |
> question isn't necessarily what any user would do ... but what a |
| 5 |
> reasonable user would do.. and a reasonable user would consider the |
| 6 |
> documented practices of a project. |
| 7 |
> |
| 8 |
|
| 9 |
There's too much crap to read. Sometimes you've just got to assume that |
| 10 |
a package marked "stable" on a popular distribution with a dedicated |
| 11 |
security team isn't going to have a 9-month-old well-known root exploit |
| 12 |
in the wild. That's perfectly reasonable to me. |
Archives