Kubilay Kocak <[email protected]> writes: > This (good) argument sounds primarily about classification and/or the > ability or lack thereof to distinguish between types-of-things, which > are not identical: > > * Explicit vulnerability ("Active", Official record (CVE, etc), will or > likely/expected to be fixed) > * Implicit (probable) vulnerability (by way of EoL, no fixes/support, > may have CVE (forever), port/pkg deleted, etc)
In theory, these are not identical. In practice, there is no way to tell the difference given the sources and resources we have. DES -- Dag-Erling Smørgrav - [email protected] _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
