I do sympathize as I spend a lot of my time maintaining distro packages.
But I also fear that in this new world of golang and rust projects with statically linked libraries, few people take their reporting responsibilities seriously. Hell, if they did, a serious vulnerability in a commonly used library would result in an avalanche of CVEs.
But I also fear that in this new world of golang and rust projects with statically linked libraries, few people take their reporting responsibilities seriously. Hell, if they did, a serious vulnerability in a commonly used library would result in an avalanche of CVEs.