[Bug 210155] textproc/expat2 & textproc/linux-*-expat: Expat issues CVE-2012-6702 and CVE-2016-5300

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210155

--- Comment #11 from John Hein <z7dr6ut7gs at snkmail.com> ---
Ok.  Maybe requiring DISABLE_VULNERABILITIES isn't bad.  It's not unreasonable
to force people to think twice and explicitly set a knob before installing a
potentially vulnerable port.  Maybe the vulnerability warning should grow an
option to prompt the user to continue building anyway.

Anyway, I understand your position.  I just didn't want to see us head too far
down the slippery slope of ignoring vulnerabilities because they are
inconvenient.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.