On Mon, 5 Jun 2017 13:42:50 -0400 Michael Orlitzky <[email protected]> wrote:
> Hans was > attempting to fix it, but now that upstream is dead, it will remain > insecure forever. IME, as long as that's clear from the pmask, and its clear what those security vectors are, as long as an end user makes sure those vectors can't happen, having an insecure-in-theory-but-not-in-practice phantomjs is better than having no phantomjs.
pgpTvAqhrhnTO.pgp
Description: OpenPGP digital signature
