Should Debian's security team ask for a Common Platform Enumeration (CPE) id when a related CVE is found/reported fixed?

CPEs are used by some systems to identify software (including, optionally, specific version numbers of software). Some security scanning automated tools use CPEs for identification.

More info on requesting CPEs here: https://nvd.nist.gov/cpe.cfm

I thought I'd raise the idea. Thanks!

--- David A. Wheeler