Howdy! I note the version of poppler we're shipping is pretty old, and that there are CVEs outstanding against it.
Am I correct in assuming that as things stand, we mostly depend on port owners to track security updates on behalf of the project and that there isn't a security officer or any such thing? (Not complaining, just seeking clarification.) Perry -- Perry E. Metzger pe...@piermont.com