18 Jan
2017
18 Jan
'17
11:46 p.m.
As the maintainer of one of those browsers, I'll also be prodding upstream about the issue if it can't easily be updated. The last time this came up (Dec 2015), Xombrero's author said
We briefly looked at the 2.x stuff but that would basically be a rewrite and even more unfortunate is that not all required hooks to make a “secure” browser are available.
He's an OpenBSD dev too, so it isn't like people have to explain the usefulness of security to him. We'll see how it goes. Contacting upstream (either with patches or "hey, we are going to have to remove your software from our repos") should be a fourth step on the policy. -Kyle http://kmkeen.com