On Wed, Jan 03, 2018 at 06:51:21PM -0500, Alex Gaynor wrote: > If PyPy releases include a copy of OpenSSL (or LibreSSL) then we need to > be in the business of issuing new releases whenever upstream has a > security release, we can't be shipping people OpenSSLs with known security > issues.
To a degree correct? I don't know if everyone who bundles ships every point release, but, if it's heartbleed all over again, you need to cut a new release. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ _______________________________________________ pypy-dev mailing list pypy-dev@python.org https://mail.python.org/mailman/listinfo/pypy-dev