On 10/30/17, 4:49 PM, "Sam Hartman" <hartm...@debian.org> wrote:
> My understanding is that the patches already exist, but effort didn't > exist within Debian to do a good job of taking those patches ourselves > at least the last time this was discussed on the list. They're also up and down the stack and includes Santuario/xml-sec patches that I'm also stuck making happen, though that should get released probably next month as xml-security 2.0. The scope of the patches are such that I definitely advised them not to try it themselves, and I think they took that advice. -- Scott