Kubilay Kocak <ko...@freebsd.org> writes:
> This (good) argument sounds primarily about classification and/or the
> ability or lack thereof to distinguish between types-of-things, which
> are not identical:
>
> * Explicit vulnerability ("Active", Official record (CVE, etc), will or
> likely/expected to be fixed)
> * Implicit (probable) vulnerability (by way of EoL, no fixes/support,
> may have CVE (forever), port/pkg deleted, etc)In theory, these are not identical. In practice, there is no way to tell the difference given the sources and resources we have. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
