Date: Sat, 15 Jun 2019 17:57:40 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz On Sat, Jun 15, 2019 at 11:49:03AM -0400, Alex Gaynor wrote: > I do not have a solution to this problem. I wanted to raise awareness of > it, in the hope that it would start a discussion which might come to a > solution. Why not just do a simple "you must upgrade to the latest version X to fix a bunch of bugs" type of announcement? No need to worry about crazy backports and cherry-picking, that always fails in the end. thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.