> On Thu, Jan 30, 2020 at 08:39:05AM +0530, Huzaifa Sidhpurwala wrote: > > Maybe? > > The problem with this analysis is we don't know how many of these are > actual current security issues, and of those how many are > low impact > (because honestly low impact security issues should just be ignored). > > We have a security team which is very rigorous about filing bugs for > every CVE, which is a great thing. However we don't have an automated > system for clearing up bugs which are naturally fixed through rebases.
An automated system to reconcile open security bugs with current shipping packages sure would be handy. > > Rich. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
