> On 8 Apr 2025, at 18:33, Bruce Momjian <br...@momjian.us> wrote:
> Would we have to put out minor releases for curl CVEs? I don't think we > have to for OpenSSL so would curl be the same? Why do you envision this being different from all other dependencies we have? For OpenSSL we also happily build against a version (and until recently, several versions) which is EOL and don't even recieve security fixes. -- Daniel Gustafsson
