Jason L Tibbitts III wrote:
> Alternatively, say that you don't have to specify a version, but if
> you don't then you will get every related security bug filed against
> your package instead of having those filtered by version.

Perhaps with a notice included in each such bug report, along the lines of "Because the version of the bundled library is unspecified, we must assume that it is a vulnerable version.", to make people aware that they can avoid irrelevant bug reports by adding a version number if one exists.

Björn Persson
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org