Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?).


  1. 1 ↩︎

  2. 2 ↩︎

  3. 3 ↩︎

  • unhinge@programming.devOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    7 months ago

    Then, what does a package maintainer rely on?

    Edit: I’m so dumb. It’s obvious they’d check original developer’s repo or issue tracker. I’m sorry