> it would be good if the current state was listed in https://elog.psi.ch/elogs/Vulnerabilities/
> It seems there's now updated builds for at least windows, and the debian package still outdated?
>
> Personally, I don't think removing download links and pulling packages should be more than a temporary measure.
> Treating people fairly IMHO means they should be able to reach a safe version by the same means that brought and left them exposed.
>
> A clear central source would be best, one that has
>
> - package autobuilds
> - source
> - cve list
>
> If I understand correctly, currently only the source is up to date?
>
>
> (I found py_elog on Github, so it could be an easy option to mirror ELOG there and let some free service handle the autobuilds.
> I don't know how well one can flag vulnerabilities there, but likely it's possible, and ideally more people would help there.)
>
>
> p.s.: My hat is off to the sysadmin who checked carefully, I wanted to introduce ELOG in a windows-centric place and I can't swear I would have checked this (official) download as well.
Very good ideas! Go ahead and implement them! We very much appreciate your contribution. |