On 29.01.2025 2:43 PM, Dan Ritter wrote:
CVSS are often bogus.
Hmmm... I'm not sure what you mean. All security announcements in DSAs are
referring to CVSS, so... what's the source of such opinion?
Most recently:https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/
Yeah, another blog and opinion. Do we (debians) have some better
alternatives?
Are there plans to switch to other solution? Or maybe just discussion
about such switch?
You say: minor, minor, it appears to only exist in Android
Really? :-)
I read the notes. You sent the links, you should read them.
Another misunderstanding - sorry maybe that's my "language side-effect" ;-)
I sent the links, but it seems I don't fully understand them, so I ask
for explanation.
Then you cite some parts form that links in plain text, so I guess you
understand them better and (again - I guess) you fully agree with those
statements.
So could you please explain me what's wrong with my understanding?
Best regards,
Rafal
