On Wed, Jan 03, 2018 at 06:51:21PM -0500, Alex Gaynor wrote:
>    If PyPy releases include a copy of OpenSSL (or LibreSSL) then we need to
>    be in the business of issuing new releases whenever upstream has a
>    security release, we can't be shipping people OpenSSLs with known security
>    issues.

To a degree correct?  I don't know if everyone who bundles ships every point
release, but, if it's heartbleed all over again, you need to cut a new release.

m

-- 
Matt Billenstein
m...@vazor.com
http://www.vazor.com/
_______________________________________________
pypy-dev mailing list
pypy-dev@python.org
https://mail.python.org/mailman/listinfo/pypy-dev

Reply via email to