© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Ken, I think I agree with your analysis - which as you say needs to be confirmed. But I'm not sure I agree with your conclusion.
Regardless of the technical merits, I'm not sure either of our companies would want it known that we are supporting software with known HIGH CVEs. I am very sure my company does not want that.
I think we need to look into what problem this is trying to solve and how we might otherwise solve it. I don't think we can treat that analysis as a low priority issue. I think we should continue to investigate until we know what the scope of the work is. If this turns out to be an easy fix, I'd sleep better at night once we make it. If it turns out to be a major change, we'll need to have to have some hard conversations...