Hi. Le mer. 5 févr. 2025 à 13:51, Jarek Potiuk <ja...@potiuk.com> a écrit : > > And let me repeat what I wrote on slack today: > > For ASF the legal risk is huge. If someone gets billions of dollars in > damage because they trusted we told them "we are not vulnerable to this > 3rd-party vulnerability" - they might sue ASF and demand all our trademarks > as compensation (not the money we have in the bank). This is is a HUGE risk > for ASF and the whole open-source community if you ask me.
If this is true, then I don't see how anyone, ever, would issue a "not affected" statement as mentioned by Arnout. Regards, Gilles > > [...] --------------------------------------------------------------------- To unsubscribe, e-mail: security-discuss-unsubscr...@community.apache.org For additional commands, e-mail: security-discuss-h...@community.apache.org
