Hacker News

rurban, yesterday at 7:17 PM

It's good. It gives the maintainers the possibility to update their packages. And if a CVE is unfixed for months, it reflects on the maintenance. This usually only happens to closed source packages.