Date: Mon, 25 May 2026 15:44:11 -0700 From: Pete Wright <pete@nomadlogic.org> To: Charlie Li <vishwin@freebsd.org>, freeBSD-python@freebsd.org Subject: Re: Best way to help get CVE's addressed Message-ID: <edfb5aa4-cb64-4d1b-9bc7-f2a1c420befd@nomadlogic.org> In-Reply-To: <cfbd3154-f899-4fa6-8114-0b1548141027@freebsd.org> References: <560c94dc-aa6a-4670-a3be-b89f1f2ce0ec@nomadlogic.org> <cfbd3154-f899-4fa6-8114-0b1548141027@freebsd.org>
index | next in thread | previous in thread | raw e-mail
On 5/25/26 11:47, Charlie Li wrote: > Pete Wright wrote: > >> i searched bugzilla and wasn't sure if we are filing reports for each >> CVE and tracking there, or are our efforts better spent focusing on >> getting a newer default python out the door? >> > Please do not do anything of this sort, they only slow things down. > Security reports almost always affect every supported and development > branch upstream at the same time. > so what is the best course of action if a fix has been applied upstream, but is not reflected in the ports tree? -p -- Pete Wright pete@nomadlogic.orghome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?edfb5aa4-cb64-4d1b-9bc7-f2a1c420befd>