RE: Initial Guidance on Linux Issues
> Mark, parroting this back to you to confirm what I think you are saying,
> I take this to mean that you believe full coverage of the Red Hat source
> is required (and, as the Red Hat CAN, you are willing to ensure this).
> Is that correct?
Right, to say it the other way around; anything other than being able to
give identifiers to everything from Red Hat would mean we'd drop CVE as
our primary identifier. We are willing to continue providing adequate
public details for all the vulnerabilities we assign CVEs to.