Re: [Question] Documenting platform implications on CVE to git
- Date: Fri, 6 Oct 2017 15:50:49 -0700
- From: Jonathan Nieder <jrnieder@xxxxxxxxx>
- Subject: Re: [Question] Documenting platform implications on CVE to git
Randall S. Becker wrote:
> I wonder whether there is some mechanism for providing official responses
> from platform ports relating to security CVE reports, like CVE-2017-14867.
This question is too abstract for me. Can you say more concretely
what you are trying to do?
E.g. are you asking how you would communicate to users of your port
that CVE-2017-14867 does not apply to them? Or are you asking where
to start a conversation about who a bug applies to? Or something
> For example, the Perl implementation on HPE NonStop does not include the SCM
> module so commands relating cvsserver may not be available - one thing to be
> verified so is a question #1. But the real question (#2) is: where would one
> most appropriately document issues like this to be consistent with other
> platform responses relating to git?
> -- Brief whoami: NonStop&UNIX developer since approximately
> -- In my real life, I talk too much.