Re: Proposed ports deprecation and removal policy

Eugene Grosbein <eugen_at_grosbein.net> wrote on
Date: Sat, 16 Mar 2024 13:16:21 UTC :

> 16.03.2024 17:03, Daniel Engberg wrote:
> 
> > A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc.
> 
> It does not stop browsers from being vulnerable all the time. All times. So, no difference in practical point of view.
> In theory, there is difference. Not in practice.

My guess here is that Daniel is thinking of properties like:
How long does a discovered vulnerability generally stay as
a vulnerability after discovery? There might generally be a
difference for code maintained by an upstream vs. code not
maintained by an upstream, for example. There might be
practical consequences to such distinctions in various kinds
of cases.

The overall Boolean status for "being vulnerable" in at least
one way vs. Daniel's comment seem mismatched and not all that
relevant to each other.

The "tools, not policy" point could apply to both. My point
here is more limited to the potentially mismatched kind of
referenced context.

===
Mark Millard
marklmi at yahoo.com