https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391
--- Comment #18 from Torsten Zuehlsdorff <t...@freebsd.org> --- > OK, I'm done. I have no time remaining in the near term to help out. Dan, personally and with ports-sec hats: please proceed.! > I don't really understand the goal here, the branch is unsupported/deprecated > and backports aren't verified by upstream. If anything please test 2.14.X and > see if you see any odd behavior. Daniel, the goal from a ports-sec team view is very simple: close a known security issue in a timely manner. We already have this patch for 11 days and there is no Veto against fixing the security issue. The only Veto is based on "the current port is outdated, please help to update it". This is fine, but there are still 13 open dependencies before the update can land. And 8 of them don't even have any patches. This will take an unclear amount of time while the security issue still remains open. I can't see why we should keep the security issue? Why do you advocate against fixing the issue? This will not block the update in any way. We already have patches here, so no time is wasted. What am I missing in your argument here? -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.
