Date: Sat, 16 Mar 2024 09:03:00 -0700
From: Mark Millard <marklmi@yahoo.com>
To: eugen@grosbein.net, daniel.engberg.lists@pyret.net, FreeBSD Mailing List <freebsd-ports@freebsd.org>
Subject: Re: Proposed ports deprecation and removal policy
Message-ID: <02FAD836-6F5C-41A4-9915-49CCD00CDB4E@yahoo.com>
In-Reply-To: <1068734D-4D5D-4E13-AC1E-D91BBDBE0486@yahoo.com>
References: <1068734D-4D5D-4E13-AC1E-D91BBDBE0486@yahoo.com>

[Just trying to get Daniel's E-mail address right this time.]

On Mar 16, 2024, at 08:58, Mark Millard <marklmi@yahoo.com> wrote:

> Eugene Grosbein <eugen_at_grosbein.net> wrote on
> Date: Sat, 16 Mar 2024 13:16:21 UTC :
>
>> 16.03.2024 17:03, Daniel Engberg wrote:
>>
>>> A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc.
>>
>> It does not stop browsers from being vulnerable all the time. All times. So, no difference in practical point of view.
>> In theory, there is difference. Not in practice.
>
> My guess here is that Daniel is thinking of properties like:
> How long does a discovered vulnerability generally stay as
> a vulnerability after discovery? There might generally be a
> difference for code maintained by an upstream vs. code not
> maintained by an upstream, for example. There might be
> practical consequences to such distinctions in various kinds
> of cases.
>
> The overall Boolean status for "being vulnerable" in at least
> one way vs. Daniel's comment seem mismatched and not all that
> relevant to each other.
>
> The "tools, not policy" point could apply to both. My point
> here is more limited to the potentially mismatched kind of
> referenced context.

===
Mark Millard
marklmi at yahoo.com