This is just a related question: do we have a way to tell the linter that this should be ignored, and to tell it that this package is affected by something that the linter can not see.
One example is when something usually is a native input, but for the package considered it really should be input.
Another example is security fixing. We might fix something by a patch, and mark the package not affected, and conversely, we might have to carry a vulnerable patch to a version otherwise not affected. Wdyt?
Best regards,
g_bor