KemalSoysal commented on PR #28:
URL: 
https://github.com/apache/maven-deploy-plugin/pull/28#issuecomment-1559092588
   > Not sure what CVEs has to do with anything. We absolutely do **NOT** want 
to address CVEs with the same pom.xml. A fix for a CVE should and MUST have a 
new version so it can be clearly distinguished which version is in use and 
whether it's vulnerable or not.
   
   Well, how do you want to mark a CVE in the original problematic coordinate?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to