|
|
|
|
|
|
by syscomet
3356 days ago
|
|
|
blog-post author here, others are addressing the other points, but I wanted to answer Q1: CVEs are for tracking response to issues, so that people can clearly communicate about what they are reacting to. Everyone using the library needs to update their code (unless they were already setting the callback) and so having a CVE lets them describe exactly what they're reacting to. |
|
|