Eduardo Barretto

> [@dodys](https://github.com/dodys) what makes ESM special? is this a completely different pool, e.g., effectively a different ubuntu distro, or is this just a different repository that provides ubuntu packages in...

@landesfeind this is not an issue. Ignored status means that the Ubuntu Security Team decided to not fix such vulnerability. Therefore you would still be vulnerable to it. We take...

@landesfeind you mentioned this creating too many false positives. Do you have actual numbers? We could change our approach to it, if more people see the value of such a...

> Hey [@dodys](https://github.com/dodys) ! > > Is it possible to keep these files around, but mark them as `withdrawn` instead? That's how we typically expect sources to "remove" entries. hey...

> It's been there for a since pre 1.0 :) But the fact you didn't know about it means we haven't signposted it enough in our documentation -- [@jess-lowe](https://github.com/jess-lowe) [@hogo6002](https://github.com/hogo6002)...

@oliverchang yes totally, that's one of the reasons it might take a few weeks, my idea is to fix the `withdraw` issue and update the schema to 1.7.0 on all...

> I think there is a related problem with entries that the Ubuntu team set to "Ignored". The entries in the original Ubuntu JSON list the versions but without a...

This is now solved and the withdrawn data reflects it.