Josselin Mouette <j...@debian.org> writes: > a friend of mine mentioned (not in a pub, but in a serious discussion > about systemd & upstart) that he looked into upstart bugs more closely
Thanks to Jef for this work, the results and his comparison of some bugs to systemd CVEs is quite interesting. > However, I find this habit of not registering CVEs worrying... Your point is taken. I think no matter what decision we make here, there will always be some bugs that fall on either side of the "to CVE or not to CVE" line that we could choose to quibble about in hindsight. > It would be nice if someone had the time to dig into old upstart bugs > to see which ones would have mandated a security label. Perhaps. I think the point has been made, however, so spending more time on this might not really add anything new to the discussion. What we really care about is the current quality of the code and the probability of issues in the future, after all, not so much what's in the past. Bdale
pgpPUOYOqZoxM.pgp
Description: PGP signature
