On Feb 22, 2018, at 20:04, Ken Cunningham wrote:

> or until we bundle in libcurl.

Note that bundling libcurl is insufficient to fix the issue; we would have to 
bundle an ssl library too, and there was an objection that we don't want to be 
in the business of needing to quickly release a new version of MacPorts when a 
new vulnerability in that ssl library is found.


Reply via email to