[Bug 287391] textproc/libxml2: security patches for 2.11.9

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 22 Jun 2025 17:53:22 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #36 from Charlie Li <vishwin@freebsd.org> ---
(In reply to Florian Smeets from comment #33)
I softened my stance in comment 31, as nuance tends to get lost in text. While
they will continue to be documented as usual/reported, I'm still concerned over
reactive noise especially when fixes are not available or workable.

What upstream does or doesn't do absolutely matters for us. Treating security
issues and commits as any other issue and commit can lead to fixes not being
backportable, especially if they are discovered in a newer branch than what we
have. Ever since 2.12, there have been major API and behavioural changes per
branch/major version that have necessitated lengthy update cycles. Perhaps the
big changes will subside a bit but the vigilance remains.

We got very lucky this time, in that the original backports to the 2.12 branch
applied cleanly here. This is also what made the MFH possible. But do not
expect this as a clear-cut norm going forward.
