On Wed, Jan 22, 2025 at 03:18:10PM +0100, Johannes Segitz wrote: > We're not empowered to do this. We are a CNA for code that we own (e.g. > zypper), but not for arbitrary open source projects.
The text of SUSE's scope [0] is similar to Canonical's [1]. We understand "All Canonical issues (including Ubuntu Linux) only" as including all software we distribute. It does not require us to be the author of that code. Mark [0] https://www.cve.org/PartnerInformation/ListofPartners/partner/canonical [1] https://www.cve.org/PartnerInformation/ListofPartners/partner/suse
signature.asc
Description: PGP signature
