Date: Sat, 16 Mar 2024 08:58:58 -0700
From: Mark Millard <marklmi@yahoo.com>
To: eugen@grosbein.net, daniel.engberg.lists@pyret.ne, FreeBSD Mailing List <freebsd-ports@freebsd.org>
Subject: Re: Proposed ports deprecation and removal policy
Message-ID: <1068734D-4D5D-4E13-AC1E-D91BBDBE0486@yahoo.com>
References: <1068734D-4D5D-4E13-AC1E-D91BBDBE0486.ref@yahoo.com>

Eugene Grosbein <eugen_at_grosbein.net> wrote on
Date: Sat, 16 Mar 2024 13:16:21 UTC :

> 16.03.2024 17:03, Daniel Engberg wrote:
>
> > A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc.
>
> It does not stop browsers from being vulnerable all the time. All times. So, no difference in practical point of view.
> In theory, there is difference. Not in practice.

My guess here is that Daniel is thinking of properties like:
How long does a discovered vulnerability generally stay
as a vulnerability after discovery? There might generally
be a difference for code maintained by an upstream vs. code
not maintained by an upstream, for example. There might be
practical consequences to such distinctions in various kinds
of cases.

The overall Boolean status for "being vulnerable" in at least
one way vs. Daniel's comment seem mismatched and not all that
relevant to each other.

The "tools, not policy" point could apply to both. My point
here is more limited to the potentially mismatched kind of
referenced context.

===
Mark Millard
marklmi at yahoo.com