[Bug 287391] textproc/libxml2: security patches for 2.11.9

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #21 from Torsten Zuehlsdorff <tz@freebsd.org> ---
(In reply to Daniel Engberg from comment #20)

To be fair: the work on 279705 started nearly a year (!) ago. Based on the long
PR it is not visible if we can simply pull the new version and progress or not.
And if not, how long it will take?

From my point of view, it can take some additional months. I see 13 issues the
update "depends on". It is not marked as "related to", but as "depends on". 8
of them have *no* Patches. Some don't even have any comment. So just from
looking at them, i really can't say anything about it.

But you are deep in the topic, so i would ask you back: if it is a better idea
to commit the update instead of the upstream-Patches, what is holding you back?
I offered my support and did not hear anything back in this regard. So this is
also simply a black box for me.

If you are confident in the update, do as you proposed: commit the update and
move on.

If you are not that confident, i would go with upstream-Patches first. In case
of issues, we still can rollback them and/or switch to the update, or am i
wrong?

So what should happen next, Daniel? :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.