Yeah, another blog and opinion. Do we (debians) have some better alternatives?CVSS are often bogus.Hmmm... I'm not sure what you mean. All security announcements in DSAs are referring to CVSS, so... what's the source of such opinion?Most recently: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/
Are there plans to switch to other solution? Or maybe just
discussion about such switch?
You say: minor, minor, it appears to only exist in Android Really? :-)I read the notes. You sent the links, you should read them.
Another misunderstanding - sorry maybe that's my "language side-effect" ;-)
I sent the links, but it seems I don't fully understand them, so I ask for explanation.
Then you cite some parts form that links in plain text, so I
guess you understand them better and (again - I guess) you fully
agree with those statements.
So could you please explain me what's wrong with my understanding?
Best regards,
Rafal