On Feb 22, 2018, at 20:04, Ken Cunningham wrote: > or until we bundle in libcurl.
Note that bundling libcurl is insufficient to fix the issue; we would have to bundle an ssl library too, and there was an objection that we don't want to be in the business of needing to quickly release a new version of MacPorts when a new vulnerability in that ssl library is found. https://trac.macports.org/ticket/51516#comment:23
