Josh Bressers on Nostr: Haelwenn /элвэн/ :triskell: npub1sc5xy…m4hj4 I've yet to find minizip in any ...
Haelwenn /элвэн/ :triskell: (npub1ysu…2jyl) npub1sc5xy5s4lks7tuehyzpvvvrqxh9j8srpu0f3cvuevh8plyrwpsfqcm4hj4 (npub1sc5…4hj4)
I've yet to find minizip in any zlib packages (I'm trying to find it)
But even if it was there, you can make the argument this affects zlib, which is technically correct
But zlib is special, it's in literally every computing device on the planet
This is going to waste literally millions of dollars with people either patching to get rid of the vulnerability absolutists, or justifying why it's not a problem over and over again
Rigidly following rules and policy without exception either means your policy is terrible, or you don't understand what's going on (or both)
Additionally, this shouldn't have a critical severity. So even if your broken policy makes you keep the data in the system, at least mark the severity appropriately