Hi all, On Fri, Apr 24, 2020 at 3:09 AM Utkarsh Gupta <[email protected]> wrote: > Thank you for this. I've started to think on the same lines. > During this weekend, I'll take a quick look over what other > distributions are doing for this.
I took a look and couldn't find anything. Interestingly, the advisory[1] by GitHub has also marked this as of "low" severity. > And if I don't find something, we could perhaps mark this as "no-dsa"? Therefore, I have marked this as no-dsa in Jessie, at least. D'you think I should go on and mark this as no-dsa for Stretch and Buster, too? Best, Utkarsh --- [1]: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
