>> "Known" is also tricky - known by whom? - but it could suffice, as if >> anyone who is actually involved in this QA checking "knows", it would >> trigger this. > > Perhaps a check against the CVE database?
That could be a plus, but many vulnerabilities never get CVE entries (for various reasons). So I'd still say "known" - if it's in the CVE database, it's definitely "known" but it would also cover those known only internally to the project. - Antti _______________________________________________ maemo-developers mailing list [email protected] https://lists.maemo.org/mailman/listinfo/maemo-developers
