Sure, but Donenfield has specifically declared that CVEs not be issued for "pre-... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		loeg on March 3, 2020 \| parent \| context \| favorite \| on: WireGuard Gives Linux a Faster, More Secure VPN Sure, but Donenfield has specifically declared that CVEs not be issued for "pre-release" Wireguard components[1]: > Current snapshots are generally versioned "0.0.YYYYMMDD" or "0.0.V", but these should not be considered real releases and they may contain security quirks (which would not be eligible for CVEs, since this is pre-release snapshot software). [1]: https://www.wireguard.com/

kseifried on March 3, 2020 | [–]

Also to reiterate: "which would not be eligible for CVEs, since this is pre-release snapshot software" is not correct. It's usually correct, but not 100%.

kseifried on March 3, 2020 | [–]

Yeah and he's not the boss of CVE. If someone wanted a CVE for wireguard I'd be happy to help them get one.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact