On 5/25/26 11:47, Charlie Li wrote:
Pete Wright wrote:
i searched bugzilla and wasn't sure if we are filing reports for each
CVE and tracking there, or are our efforts better spent focusing on
getting a newer default python out the door?
Please do not do anything of this sort, they only slow things down.
Security reports almost always affect every supported and development
branch upstream at the same time.
so what is the best course of action if a fix has been applied upstream,
but is not reflected in the ports tree?
-p
--
Pete Wright
[email protected]
