Re: Proposed ports deprecation and removal policy
- In reply to: Mark Millard : "Re: Proposed ports deprecation and removal policy"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 16 Mar 2024 16:03:00 UTC
[Just trying to get Daniel's E-mail address right this time.] On Mar 16, 2024, at 08:58, Mark Millard <marklmi@yahoo.com> wrote: > Eugene Grosbein <eugen_at_grosbein.net> wrote on > Date: Sat, 16 Mar 2024 13:16:21 UTC : > >> 16.03.2024 17:03, Daniel Engberg wrote: >> >>> A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc. >> >> It does not stop browsers from being vulnerable all the time. All times. So, no difference in practical point of view. >> In theory, there is difference. Not in practice. > > My guess here is that Daniel is thinking of properties like: > How long does a discovered vulnerability generally stay as > a vulnerability after discovery? There might generally be a > difference for code maintained by an upstream vs. code not > maintained by an upstream, for example. There might be > practical consequences to such distinctions in various kinds > of cases. > > The overall Boolean status for "being vulnerable" in at least > one way vs. Daniel's comment seem mismatched and not all that > relevant to each other. > > The "tools, not policy" point could apply to both. My point > here is more limited to the potentially mismatched kind of > referenced context. === Mark Millard marklmi at yahoo.com