On 2025/10/27 21:40, Sebastian Pipping wrote: > Hello Stuart, > > > On 10/27/25 20:45, Stuart Henderson wrote: > > On 2025/10/27 19:51, Sebastian Pipping wrote: > > > Also, fixes without a CVE will not be backported downstream. > > > > That depends on the downstream. > > I'm happy to learn which downstreams backport security issues > without a CVE, in practice. Do you have an example or two?
OpenBSD does for some ports, but it's down to the individual port maintainer.
