What does
When I looked up this phrase on the forum search, it seemed to dredge up many individual cases. In one instance, it seemed that a lower version, still vulnerable, was being used. I found that surprising.
If it's not patching, and it's not upgrading, and it's sometimes downgrading; then what is it doing? Is it just an acknowledgement of the CVEs? Also, if there's a reference that tells us about it, please let me know.
make DISABLE_VULNERABILITIES=yes
really mean? When port maintainers put this in the script, does this mean that they are taking a standard type of action for the port? Are they leaving out features or files known to contribute to a vulnerability? Is there a standard path or principle that's guiding the use of that argument?When I looked up this phrase on the forum search, it seemed to dredge up many individual cases. In one instance, it seemed that a lower version, still vulnerable, was being used. I found that surprising.
If it's not patching, and it's not upgrading, and it's sometimes downgrading; then what is it doing? Is it just an acknowledgement of the CVEs? Also, if there's a reference that tells us about it, please let me know.