alt Hacker NewsIf you discover a vulnerability in OpenSSL, are you required to track down and separately notify every downstream packager of OpenSSL?
Or do you rely on the OpenSSL project to work their established process?
If you discover a vulnerability in OpenSSL, are you required to track down and separately notify every downstream packager of OpenSSL?
Or do you rely on the OpenSSL project to work their established process?