Those at least link back to a CVE, which often does have all the gory technical details.
I think your counter-example swings too far in the other direction. Nobody expects a git-diff of the fix, but a solid explanation of the whys and wherefore’s isn’t unreasonable. Cloudflare does, fly.io does, etc etc.
I think your counter-example swings too far in the other direction. Nobody expects a git-diff of the fix, but a solid explanation of the whys and wherefore’s isn’t unreasonable. Cloudflare does, fly.io does, etc etc.