Re: What can Debian do to provide complex applications to its users?
On Sat, 17 Feb 2018, Sean Whitton wrote:
I was making a more specific claim -- we don't and will never have the
manpower to provide security support for multiple different versions of
please have a look at for example CVE-2017-18077  in the security
<unimportant>. There is also a note attached, saying: "nodejs not covered
by security support"
Basically all other CVEs for node-modules are marked as <unimportant> as
them and don't include them in point releases (as you can see for example
in CVE-2016-1000236 ).
either they are secure or nobody cares.
From a security manpower point of view, there is no difference whether we