On Thu, Jan 30, 2020 at 08:39:05AM +0530, Huzaifa Sidhpurwala wrote:
Maybe?
The problem with this analysis is we don't know how many of these are
actual current security issues, and of those how many are > low impact
(because honestly low impact security issues should just be ignored).
We have a security team which is very rigorous about filing bugs for
every CVE, which is a great thing. However we don't have an automated
system for clearing up bugs which are naturally fixed through rebases.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html