FYI,

We have been discussing a particular issue in the curl security team recently and based on this context, I want us to draw this line in the sand for the future, for when we no longer consider problems to be curl security problems when a "legacy dependency" is needed to trigger them.

I've created a PR to this effect, trying to define what such a "legacy dependency" could be:

https://github.com/curl/curl/pull/16086

I'll welcome help and feedback.

(The exact details of the particular issue that triggered this will be disclosed at a later time.)

--

 / daniel.haxx.se || https://rock-solid.curl.dev
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
